Hacker “Lovely” Leaks 2.3M WIRED Subscriber Records

by ddos · December 30, 2025

A hacker using the alias Lovely has published a database containing the personal information of WIRED subscribers on an underground forum. According to the attacker, the data was obtained through a breach of Condé Nast, the media conglomerate that owns the magazine. The leaked dataset reportedly contains more than 2.3 million records, and the hacker claims this is only the beginning, promising to disclose data on tens of millions of users from other Condé Nast publications in the near future.

The post featuring the database appeared on December 20 and was accompanied by accusations directed at Condé Nast. Lovely alleges that the company ignored vulnerability reports on its websites for over a month.

Access to the archive containing the leaked data is being sold through the forum’s internal virtual currency system, at a cost equivalent to roughly $2.30. The archive was later mirrored on other hacking platforms, though access in all cases requires spending credits to obtain the password.

Lovely also published a list of media outlets whose user data was allegedly compromised. The named publications include The New Yorker, Vogue, SELF, Vanity Fair, Teen Vogue, Condé Nast Traveler, Glamour, Allure, Men’s Journal, Architectural Digest, Golf Digest, and Epicurious.

The leaked database contains 2,366,576 records, of which 2,366,574 include unique email addresses. Account creation and activity dates range from late April 1996 to early September 2025. Each entry includes an internal subscriber identifier and an email address, and in some cases also contains a first and last name, phone number, physical address, date of birth, and gender.

While many fields remain empty, approximately 284,000 records include a full name, more than 194,000 contain a physical address, nearly 67,000 list a date of birth, and over 32,000 include a phone number. Fully populated profiles with the maximum amount of personal data appear in only about 1,500 entries.

Additional confirmation of the database’s authenticity was provided by representatives of Hudson Rock. According to CTO Alon Gal, the WIRED data matches information previously observed in malware logs associated with credential theft.

The incident also drew the attention of DataBreaches.net. A representative of the site stated that they contacted Lovely in late November, at which point the individual presented themselves as a researcher attempting to report discovered vulnerabilities through a secure channel.

To demonstrate the issue, several sample records were shared, including one linked to a WIRED employee. After receiving no response, the hacker proceeded to release the entire database. It later became apparent that the initial claims were a ruse, and that the attacker’s true objective from the outset was the acquisition and publication of a large volume of data.

The leaked dataset has since been added to the Have I Been Pwned service, allowing users to check whether their email addresses were compromised.