A hacker has leaked hundreds of thousands of subscriber information from Wired journal and is threatening to launch a further 40 million information stolen from its mother or father firm, Condé Nast.
The hacker, who makes use of the net moniker ‘Pretty’, printed the Wired consumer knowledge on a number of cybercrime boards in latest days.
An evaluation performed by cybersecurity agency Hudson Rock confirmed that 2.3 million Wired information have been made out there for obtain.
The leaked data consists of names, e mail addresses, show names, dates of delivery, bodily addresses, cellphone numbers, and genders. Nevertheless, solely e mail addresses look like included in all information; the opposite kind of knowledge was uncovered just for a comparatively small proportion of customers. The newest entries are dated September 2025.
Hudson Rock has confirmed the authenticity of the leaked knowledge by cross-referencing it with subscriber credentials beforehand compromised by info-stealer malware.
Based mostly on the format of the leaked recordsdata, the safety agency believes the attacker possible exploited insecure direct object reference (IDOR) flaws and damaged entry management points, which enabled the hacker to view and alter knowledge.
The uncovered Wired knowledge has been added to the Have I Been Pwned knowledge breach notification service.
After leaking the Wired knowledge, Pretty claimed to have obtained greater than 40 million different information from Condé Nast, which the hacker has threatened to make out there “over the subsequent few weeks”.
Condé Nast is a media firm whose portfolio additionally consists of main publications reminiscent of Vogue, Self-importance Honest, Glamour, and The New Yorker. The opposite knowledge information obtained by the hacker could also be associated to the readers of Condé Nast’s different publications. Commercial. Scroll to proceed studying.
The media firm doesn’t seem to have issued a press release concerning the cybersecurity incident, and it has not responded to SecurityWeek’s request for remark.
DataBreaches.web was contacted by Pretty in November, claiming they have been a researcher who had been unsuccessfully making an attempt to inform Condé Nast about vulnerabilities in its programs. It later turned out that Pretty was a cybercriminal making an attempt to revenue from the hack.
Associated: Nissan Confirms Impression From Crimson Hat Information Breach
Associated: 3.5 Million Affected by College of Phoenix Information Breach
Associated: 113,000 Impacted by Information Breach at Virginia Psychological Well being Authority
