Extortion group Lovely leaks Wired subscriber data, claims 40M records

TL;DR

A criminal collective calling itself Lovely says it stole millions of subscriber records from Condé Nast and has published a tranche of Wired reader data online. Security researchers who examined the files say the dataset appears authentic and could enable doxxing, phishing and other attacks.

What happened

An extortion group identifying itself as Lovely says it attempted to notify Condé Nast about security weaknesses a month before publicly releasing subscriber details. After receiving no response, the group published a dataset focused on Wired readers on Christmas Day. That initial release included roughly 2.3 million email addresses, and within that collection researchers counted names tied to about 285,000 subscriber accounts, approximately 108,000 home addresses and around 32,000 phone numbers. Some records also contained user IDs, display names, account creation and update timestamps and, in some cases, last session dates and IP addresses, suggesting the targeted database held active account information rather than a static marketing list. The files were uploaded to file-sharing sites including Limewire and Gofile.io. Independent security researchers matched leaked entries to global infostealer logs and said the dataset appears genuine; the attackers warned they plan to publish more of what they claim is a 40+ million record trove.

Why it matters

• Published personal details — names, addresses, phone numbers and emails — raise risk of doxxing, targeted phishing and swatting against subscribers.
• Presence of session timestamps and IP addresses indicates potential exposure of live account metadata that could be used to hijack accounts or escalate access.
• Extortion-driven disclosures pressure media companies to improve security and incident response; delayed notification may increase harm.
• Large-scale leaks of subscriber information can damage trust in publishers and force costly remediation and notification efforts.

Key facts

• The group Lovely claims to have stolen or to possess 40+ million pieces of information from Condé Nast.
• Attackers published a Wired-focused tranche that included about 2.3 million email addresses.
• Within the release researchers identified roughly 285,000 subscriber names, ~108,000 home addresses and ~32,000 phone numbers.
• Some leaked records contained user IDs, display names, account creation/update timestamps, and occasionally last session dates and IP addresses.
• Files were posted to Limewire and Gofile.io according to the reporting.
• Security firm Hudson Rock matched leaked entries to global infostealer infection logs and said the dataset aligns with credentials obtained by infostealer malware.
• Hudson Rock noted the pattern resembles activity from infostealer families such as RedLine and Racoon.
• Reporting cited concerns that no credit card information appears to have been exposed in the published tranche.

What to watch next

• Whether Lovely follows through on its threat to publish more of the claimed 40+ million records or releases additional datasets (ongoing — not confirmed in the source).
• If and when Condé Nast issues an official statement, confirms the extent of the breach or notifies affected subscribers (not confirmed in the source).
• Any disclosures from law enforcement or forensic investigators about the attack vector, scope and attribution (not confirmed in the source).

Quick glossary

• Infostealer: Malware designed to harvest credentials and other sensitive data from infected systems, often exfiltrating it to attacker-controlled servers.
• Doxxing: The public release of private or identifying information about an individual without their consent, often to harass or intimidate.
• Swatting: A dangerous prank in which someone makes a false report to emergency services to provoke an armed police response to a targeted address.
• IP address: A numerical label assigned to devices on a network that can reveal approximate geographic location and be used in tracking or account fraud.

Reader FAQ

How many records were published in the Wired tranche?
The published batch included about 2.3 million email addresses and associated data points; researchers identified roughly 285,000 subscriber names, ~108,000 home addresses and ~32,000 phone numbers.

Were credit card details exposed?
Reporting cited a researcher who said no credit card information appears to have been included in the published tranche.

Has Condé Nast responded or confirmed the breach?
The Register reached out to Condé Nast for comment and had not received a reply at the time of reporting.

What techniques were used to obtain the data?
Security researchers linked the leaked records to global infostealer infection logs and said the activity resembles use of infostealer malware families such as RedLine and Racoon.

CYBER-CRIME Crims disconnect Wired subscribers from their privacy, publish deets online Extortion group Lovely claims to have stolen 40 million pieces of info from publisher Conde Nast O'Ryan Johnson Mon 29 Dec 2025…

Sources

• Crims disconnect Wired subscribers from their privacy, publish deets online
• 40 Million Record Threat Looms for Condé Nast
• WIRED Data Breach
• Condé Nast faces major data breach: 2.3M WIRED records …

Related posts

• CUII list: Domains reportedly blocked by German internet providers
• FBI Response to Fraud Allegations in Minnesota: Coverage and Context
• Four 2025 tech trends set to reshape infrastructure, energy and security