Claimed Condé Nast breach exposes 2.3M WIRED records; Ars unaffected

Earlier this month, a hacker using the name Lovely claimed to have breached a Condé Nast user database and released a list of more than 2.3 million user records from WIRED. Ars Technica says it was not affected and runs on its own bespoke tech stack.

The released materials reportedly contain demographic information — name, email, address, phone and similar data — but no passwords. The hacker also said they will release an additional 40 million records for other Condé Nast properties, including Vogue, The New Yorker and Vanity Fair. The hacker wrote, “Condé Nast does not care about the security of their users data. It took us an entire month to convince them to fix the vulnerabilities on their websites. We will leak more of their users’ data (40+ million) over the next few weeks. Enjoy!”

It is unclear how altruistic the motive really was. DataBreaches.Net said Lovely misled the site into believing the hacker was trying to help patch vulnerabilities and that the actor appears to be a “cybercriminal” seeking a payout. “As for ‘Lovely,’ they played me. Condé Nast should never pay them a dime, and no one else should ever, as their word clearly cannot be trusted,” wrote DataBreaches.Net.

Condé Nast has not issued a statement, and Ars Technica said it has not been informed internally of the hack. Hudson Rock’s InfoStealers is cited as offering a detailed rundown of what has been exposed.

Key Topics

Tech, Data Breach, User Database, Demographic Data, Lovely, Databreaches.net