A hacker, operating under the alias “Lovely,” has reportedly leaked the personal information of more than 2.3 million users of Wired.com, a leading American technology and culture magazine. This breach was disclosed on December 20, 2025, via a newly established hacking forum named Breach Stars.
The hacker not only provided a downloadable link and a file hash but also issued a statement that accused Condé Nast, the parent company of Wired, of neglecting repeated security warnings. The hacker claimed, “Condé Nast does not care about the security of their users’ data. It took us an entire month to convince them to fix the vulnerabilities on their websites. We will leak more of their users’ data (40+ million) over the next few weeks. Enjoy!“
Wired Data
The leaked data encompasses user records containing various fields, including full names, email addresses, user IDs, display names, and timestamps for account creation and updates. Notably, while no password or payment information appears to have been compromised, the exposure of personal email addresses and unique user IDs raises serious privacy concerns.
Most records lack specific personal information such as phone numbers or addresses, suggesting these were not mandatory during the sign-up process. Some entries include system-generated emails, indicating potential automated usage, while many others contain personal emails from service providers like Gmail and AOL. This indicates that the leak involves real user accounts that may date back as early as 2011.
The timestamps associated with the accounts display a range of activities, with account creation ranging from 2011 to 2022. This variability suggests that the data was sourced from either a live user database or an archived dataset, reinforcing the hacker’s claim of having accessed Wired’s account system or a shared platform utilized by Condé Nast.
Sample of Claimed Record Counts
Additionally, the hacker’s post detailed records from other Condé Nast properties, asserting access to more than 40 million accounts across multiple brands, including notable entries from GQ, Vogue, and The New Yorker, among others. A mysterious entry labeled “NIL” was included, accounting for nearly 9.5 million accounts, hinting at a broader organizational breach that may involve centralized account management.
As of this report, Condé Nast has not publicly confirmed or denied the breach. Verification of the leaked data is ongoing, but early social media reports suggest that the records do indeed contain authentic user information, such as names and email addresses.
Hacker Previously Posed as a Researcher
Interestingly, the hacker previously engaged with journalists under the guise of a security researcher, which ultimately fell apart when skepticism about their credibility arose. This prompted threats to publicly disclose the data, further complicating the situation and raising questions about their intentions and methods.
The specific vulnerabilities exploited for the data extraction have yet to be disclosed. However, analysis from security experts indicates that the leaked records are legitimate. While condé Nast remains the authoritative source for validating the breach, until official confirmation is provided, the integrity of the claims and the leaked data remains under scrutiny. At this juncture, organizations and business owners should regard the event as a cautionary tale that underscores the importance of robust cybersecurity measures.
This is an evolving story.
