Hacker claims breach of Condé Nast user database

Earlier in December 2025, the hacker Lovely announced the breach of a Condé Nast user database. They released a dataset containing more than 2.3 million user records specifically from WIRED, one of Condé Nast's prominent publications. The exposed information encompasses basic demographic details such as names, email addresses, physical addresses, and phone numbers, though crucially, it does not include passwords.

Lovely has indicated plans to disclose further data affecting up to 40 million users across various Condé Nast titles, including Vogue, The New Yorker, and Vanity Fair. However, Ars Technica, another publication under the broader umbrella but operating independently, remains unaffected due to its unique technical infrastructure.

The hacker portrayed their actions as a response to Condé Nast's alleged neglect of security vulnerabilities. In a statement, Lovely wrote: “Condé Nast does not care about the security of their users data. It took us an entire month to convince them to fix the vulnerabilities on their websites. We will leak more of their users’ data (40 + million) over the next few weeks. Enjoy!”

Questions surround the hacker's true intentions. According to DataBreaches.Net, Lovely initially posed as someone assisting with vulnerability patches but was actually seeking financial gain. The site stated: “As for “Lovely,” they played me. Condé Nast should never pay them a dime, and no one else should ever, as their word clearly cannot be trusted.”

Condé Nast has yet to release an official statement on the incident. Ars Technica reports no internal notification, which aligns with their separation from the affected systems. Security researchers, such as those at Hudson Rock’s InfoStealers, have provided detailed analyses of the leaked data's scope.