The Price of Your Privacy: $2.30. That's How Much They Ask for a Database of an Elite Glossy Magazine's Readers
A recent incident has put a dozen global brands at risk.
A recent incident has put a dozen global brands at risk.
A hacker using the pseudonym Lovely published a database containing the personal information of WIRED magazine subscribers on a forum. The attacker claims the data was obtained by hacking Condé Nast, the structure that owns the publication. The published records exceed 2.3 million, and according to the attacker, this is just the beginning—information about tens of millions of users from other media holdings owned by the company is promised to be released soon.
The publication with the database appeared on December 20, accompanied by accusations against Condé Nast. Lovely claims the company ignored vulnerability reports on its websites for a month.
Access to the archive with the leaked data is distributed through the forum's in-game currency system—costing approximately $2.30 in equivalent. Later, the archive was duplicated on other hacker platforms, but everywhere access requires spending credits to obtain a password.
Lovely also published a list of publications for which user data has allegedly already been obtained. The mentioned resources include The New Yorker, Vogue, SELF, Vanity Fair, Teen Vogue, Condé Nast Traveler, Glamour, Allure, Men’s Journal, Architectural Digest, Golf Digest, and Epicurious.
The leaked database contains 2,366,576 records, of which 2,366,574 contain unique email addresses. Account creation and activity dates range from late April 1996 to early September 2025. Each record includes an internal subscriber ID, email address, and, in some cases, first and last name, phone number, physical address, date of birth, and gender.
A significant portion of the fields remain empty, but about 284,000 records contain first and last names, over 194,000 contain addresses, nearly 67,000 contain dates of birth, and over 32,000 contain phone numbers. Full profiles with the maximum amount of personal data were found in only about one and a half thousand rows.
Additional confirmation of the database's authenticity came from representatives of the company Hudson Rock. According to CTO Alon Gal, data from the WIRED database matches known malware logs that record stolen accounts.
The incident also caught the attention of DataBreaches.net. Their representative reported contacting Lovely in late November—at the time, Lovely presented themselves as a researcher trying to report found vulnerabilities through a reliable channel.
To demonstrate the problem, individual records were provided, including one related to a WIRED employee. However, having received no response, the hacker decided to release the entire database. It later became clear that the initial claims were a ruse, and the attacker's goal was always to obtain and publish a large volume of data.
The leaked database has already appeared in the Have I Been Pwned service, allowing users to check if their email addresses have been compromised.
