Hackers have leaked a database containing over 2.3 million WIRED subscriber data, marking a serious breach at Condé Nast, the mum or dad firm.
The menace actor “Beautiful” claims that is simply the beginning, promising to launch as much as 40 million extra data from manufacturers like Vogue and The New Yorker.
The info dump, posted on hacking boards like Breach Stars and BreachForums round Christmas Day 2025, consists of 2.3 million e-mail addresses, 285,936 names, 102,479 residence addresses, and 32,426 telephone numbers.
Information function JSON-formatted profiles with fields like consumer IDs, creation dates from 2011 to 2022, and up to date exercise as much as September 8, 2025. Screenshots from the leak present in depth file lists and redacted subscriber particulars throughout Condé Nast websites.
Hudson Rock researchers verified the WIRED information’s legitimacy by cross-referencing it with RedLine and Raccoon infostealer logs, confirming high-overlap compromised credentials.
The agency warns of a looming 40-million-line breach focusing on Condé Nast’s shared id system, which spans publications together with Vainness Truthful, GQ, and Architectural Digest. No passwords or fee information appeared within the preliminary dump, however PII publicity raises dangers for phishing, doxing, and swatting.
Attackers exploited Insecure Direct Object References (IDOR) to scrape profiles by iterating by means of consumer IDs, leading to giant JSON exports.
Damaged entry controls on account endpoints enabled unauthenticated entry to and modification of emails, passwords, and profiles. These flaws within the centralized platform enabled bulk exfiltration with out full authentication.
Information TypeCountEmails2,300,000Names285,936Addresses102,479Phone Numbers32,426
In November 2025, “Beautiful” posed as a researcher, “Dissent Doe,” and contacted DataBreaches.internet to assist notify Condé Nast of six vulnerabilities.
Regardless of repeated outreach, together with through WIRED reporters and safety groups, Condé Nast provided no public response or safety.txt file. Annoyed, Beautiful leaked the WIRED information as a “Christmas Lump of Coal,” accusing the agency of ignoring customers.
Affected subscribers report hits on darkish internet screens like Have I Been Pwned, which added the breach. Condé Nast’s silence amplifies dangers, as shared logins may cascade throughout manufacturers. Specialists urge password resets and monitoring, highlighting the necessity for higher vulnerability disclosure in media giants.
Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
