Crims disconnect Wired subscribers from their privacy, publish deets online
(2025/12/29)
- Reference: 1767036217
- News link: https://www.theregister.co.uk/2025/12/29/wired_hack_subscriber_info_leaked/
- Source link:
A criminal group is beating Conde Nast over the head for not responding sooner to its extortion attempt by posting stolen subscribers' email and home addresses and warning the publisher of Wired, The New Yorker, Vanity Fair, and Teen Vogue that it has 40 million more entries.
The group known as Lovely said that it tried to tell Conde Nast about the holes in its security a month ago, but after not receiving a response, they decided to publish the email addresses of subscribers on Christmas Day.
The current leak is centered around readers of Wired magazine. The miscreants published 2.3 million emails, which had the names of 285,000 subscribers, 108,000 home addresses, and 32,000 phone numbers.
[1]
Additionally, some user IDs, display names, account creation and update timestamps, and in some cases last session dates and IP addresses, have been published, which shows [2]the database that was targeted could have contained live data and was not a static marketing repository.
[3]
[4]
“Conde Nast does not care about the security of their users’ data. It took us an entire month to convince them to fix the vulnerabilities (on) their website,” the hackers wrote in a forum post. “We will leak more of their users’ data (40+ million) over the next few weeks. Enjoy!”
[5]From pr0n to playlists and paperclips, trio of breaches spills data of millions
[6]Hack to school: Parents told to keep their little script kiddies in line
[7]Get ready for 2026, the year of AI-aided ransomware
[8]Russian hackers debut simple ransomware service, but store keys in plain text
The batch of files was published to Limewire and Gofile.io.
The world could soon learn if you subscribed to The New Yorker, from which they could infer whether you are the kind of person who appreciates their dry, witty cartoons that take poignant stabs at life in the modern age. The Register has reached out to Conde Nast for comment, but has not yet received a reply.
[9]Security researchers who downloaded the tranche of files determined that the hackers were not bluffing. The email addresses which were released appear to match subscribers whose emails have been compromised. Researchers with Hudson Rock said the attack bears the hallmarks of techniques used by infostealer malwares such as RedLine and Racoon.
[10]
“Our researchers identified legitimate subscriber credentials for wired.com within global infostealer infection logs. By matching these compromised credentials against the records in the leaked database, we have definitively confirmed the authenticity of the dataset without any interaction with the victim organization,” Hudson Rock wrote on its website.
Its researchers warn that victims could be subject to doxxing, swatting and phishing campaigns as a result of having their information published. However, Hackread pointed out that the silver lining appears to be no credit card information has been exposed. ®
Get our [11]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aVMIEk7lnxrSRDd2pRkqegAAAAw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://hackread.com/hacker-leak-wired-com-records-conde-nast-breach/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aVMIEk7lnxrSRDd2pRkqegAAAAw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aVMIEk7lnxrSRDd2pRkqegAAAAw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2025/12/16/trio_of_breaches/
[6] https://www.theregister.com/2025/09/12/students_school_cyberattacks/
[7] https://www.theregister.com/2025/11/25/trend_micro_agentic_ai_assisted_ransomware/
[8] https://www.theregister.com/2025/12/11/cybervolk_ransomware_is_back/
[9] https://www.infostealers.com/article/wired-database-leaked-40-million-record-threat-looms-for-conde-nast/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aVMIEk7lnxrSRDd2pRkqegAAAAw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[11] https://whitepapers.theregister.com/
The group known as Lovely said that it tried to tell Conde Nast about the holes in its security a month ago, but after not receiving a response, they decided to publish the email addresses of subscribers on Christmas Day.
The current leak is centered around readers of Wired magazine. The miscreants published 2.3 million emails, which had the names of 285,000 subscribers, 108,000 home addresses, and 32,000 phone numbers.
[1]
Additionally, some user IDs, display names, account creation and update timestamps, and in some cases last session dates and IP addresses, have been published, which shows [2]the database that was targeted could have contained live data and was not a static marketing repository.
[3]
[4]
“Conde Nast does not care about the security of their users’ data. It took us an entire month to convince them to fix the vulnerabilities (on) their website,” the hackers wrote in a forum post. “We will leak more of their users’ data (40+ million) over the next few weeks. Enjoy!”
[5]From pr0n to playlists and paperclips, trio of breaches spills data of millions
[6]Hack to school: Parents told to keep their little script kiddies in line
[7]Get ready for 2026, the year of AI-aided ransomware
[8]Russian hackers debut simple ransomware service, but store keys in plain text
The batch of files was published to Limewire and Gofile.io.
The world could soon learn if you subscribed to The New Yorker, from which they could infer whether you are the kind of person who appreciates their dry, witty cartoons that take poignant stabs at life in the modern age. The Register has reached out to Conde Nast for comment, but has not yet received a reply.
[9]Security researchers who downloaded the tranche of files determined that the hackers were not bluffing. The email addresses which were released appear to match subscribers whose emails have been compromised. Researchers with Hudson Rock said the attack bears the hallmarks of techniques used by infostealer malwares such as RedLine and Racoon.
[10]
“Our researchers identified legitimate subscriber credentials for wired.com within global infostealer infection logs. By matching these compromised credentials against the records in the leaked database, we have definitively confirmed the authenticity of the dataset without any interaction with the victim organization,” Hudson Rock wrote on its website.
Its researchers warn that victims could be subject to doxxing, swatting and phishing campaigns as a result of having their information published. However, Hackread pointed out that the silver lining appears to be no credit card information has been exposed. ®
Get our [11]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aVMIEk7lnxrSRDd2pRkqegAAAAw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://hackread.com/hacker-leak-wired-com-records-conde-nast-breach/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aVMIEk7lnxrSRDd2pRkqegAAAAw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aVMIEk7lnxrSRDd2pRkqegAAAAw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2025/12/16/trio_of_breaches/
[6] https://www.theregister.com/2025/09/12/students_school_cyberattacks/
[7] https://www.theregister.com/2025/11/25/trend_micro_agentic_ai_assisted_ransomware/
[8] https://www.theregister.com/2025/12/11/cybervolk_ransomware_is_back/
[9] https://www.infostealers.com/article/wired-database-leaked-40-million-record-threat-looms-for-conde-nast/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aVMIEk7lnxrSRDd2pRkqegAAAAw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[11] https://whitepapers.theregister.com/
If you replaced that "or" with "and" - then I couldn't imagine it.
elDog
But I've been a reader on-and-off for many years of Wired and The New Yorker. (I love their tote bags.)
Only if I re-incarnate as something very different will I qualify for a subscription to Teen Vogue (and get a new tote bag?)
Unfortunately arsTECHNICA is also a product of Condé Nast; and I'm a subscriber ... :-(
El.Mich.
And I'm pretty certain that there surely is quite a big overlap (intersection?) between readers of arsTECHNICA and The Register as well. So it's probably no fault to remind people here in this forum to pls. be prepared to change their credentials from time to time; and in this case probably sooner better than later.
And WIRED as well as arsTECHNICA can probably be counted among the honourable veterans of technical journalism. And this also shows that real security in this thoroughly connected world is more or less just an illusion. :-(
OMG.
Imagine being subscribed to Wired, The New Yorker, Vanity Fair or Teen Vogue.