Hackers are selling 2.3 million Wired subscriber records while threatening to dump 40 million more Condé Nast accounts.
Your Wired subscription data is now for sale on hacker forums for less than a Starbucks latte. On December 20, 2025, a group calling itself “Lovely” dumped 2.3 million subscriber records onto Breach Stars—a digital flea market where your personal information trades like Pokemon cards.
The leak includes your email, full name, phone number, home address, birthday, and account details dating back to 2011. While passwords and payment info stayed locked up, everything else needed for sophisticated phishing campaigns is now floating around the internet’s shadier neighborhoods.
When Security Researchers Turn Rogue
Lovely claims this dump was retaliation for Condé Nast ignoring vulnerability warnings for over a month.
The story gets messier when you dig into Lovely’s origin story. Initially posing as a legitimate security researcher, they contacted Condé Nast months earlier about six vulnerabilities in their systems. When the media giant allegedly ignored the warnings for a month, Lovely pivoted from white hat to revenge mode.
They dubbed the data dump their “Christmas Lump of Coal”—because nothing says holiday cheer like exposing millions of subscribers to identity theft. DataBreaches.net, which Lovely initially approached for help with disclosure, now calls the whole thing an extortion scheme.
Your Data, Verified and Weaponized
Security researchers confirmed the breach using malware logs, while hackers threaten Vogue, GQ, and New Yorker subscribers next.
Hudson Rock researchers authenticated the leak by matching records to data stolen by infostealer malware like RedLine and Racoon—essentially confirming your personal information through other crimes. The database includes entries as recent as September 2025, meaning active subscribers face immediate risks of doxxing, swatting, and targeted phishing campaigns.
Lovely claims access to a centralized Condé Nast system containing over 40 million records across properties including Vogue, GQ, Vanity Fair, and The New Yorker. Your subscription to that architecture magazine might be next.
The Sound of Corporate Silence
Condé Nast hasn’t publicly acknowledged the breach while affected readers scramble for answers.
As of late December 2025, Condé Nast remains silent about the breach—no public statement, no subscriber notifications, no response to security inquiries. This radio silence while 2.3 million people wonder if their morning newsletter subscription turned into an identity theft risk feels particularly tone-deaf for a company that publishes cybersecurity coverage.
Check if your email appears in the leak at Have I Been Pwned, which added the database to their monitoring system. Monitor your accounts for suspicious activity, because your favorite tech publication just became a case study in everything they warn you about.
