A hacker has published 2.3 million records containing sensitive information about WIRED subscribers after the publisher Condé Nast ignored his warnings. Further publications involving a total of 40 million records are imminent.

As the year draws to a close, the digital security landscape is facing a new and serious challenge: a hacker operating under the pseudonym ‘Lovely’ claims to have compromised an extensive database belonging to the world-renowned technology magazine WIRED and published it on the internet. This incident not only puts the internal security protocols of media giant Condé Nast in the spotlight, but also potentially threatens the sensitive data of millions of subscribers worldwide.

According to reports by the BleepingComputer portal, the leaked data set comprises more than 2.3 million individual entries, the details of which are now circulating in relevant underground forums. What is particularly explosive is that the hacker responsible claims to have originally acted as a kind of white hat hacker. According to his own statements, he had repeatedly tried to alert Condé Nast to critical vulnerabilities in their systems that allowed unauthorised access to user accounts. However, as the warnings were ignored over a long period of time and the company failed to respond adequately, the hacker finally decided to publish the data as a means of exerting pressure.

In his accompanying statements, ‘Lovely’ makes serious accusations against the publisher’s management and accuses those responsible of neglecting the security of user data. He claims that it took almost a month for the company to respond to his reports, which he sees as proof of a lack of interest in the data security of subscribers.

Analysis of the published data by experts paints a worrying picture: in total, the file contains around 2.36 million data records with almost as many email addresses. The time span of the entries is also considerable, ranging from the magazine’s inception in 1996 to September 2025.

In addition to email addresses and internal user IDs, the leak also contains some sensitive information. Around 284,000 entries contain first and last names, over 194,000 records include physical addresses, and in tens of thousands of cases, even dates of birth and telephone numbers are noted. Even if not every profile is completely filled out, the sheer volume of data provides an ideal basis for criminal activities such as targeted phishing or identity theft.

Even more worrying is the hacker’s announcement that this may only be the beginning. He is threatening to publish another 40 million records in the near future, which are said to originate from other well-known brands in the Condé Nast portfolio, including publications such as The New Yorker, Vogue, Vanity Fair and Architectural Digest.

Cybersecurity experts have already been able to largely confirm the authenticity of the WIRED leak by comparing random samples with known data records from infostealer malware. The affected data has also already been added to the ‘Have I Been Pwned’ service, which allows users to quickly check their own data. Experts strongly advise all subscribers to update their passwords and to be particularly vigilant about emails from unknown sources in the near future. While Condé Nast has not yet issued an official statement, this case once again highlights how crucial proactive communication with security researchers is in preventing such devastating data leaks.