Condé Nast Data Breach Exposes 2.3 Million User Records

A significant security incident has impacted media giant Condé Nast following a breach by a hacker known as Lovely. The attacker claims to have accessed a user database and released a list of over 2.3 million records belonging to WIRED subscribers. The exposed data includes personal demographic details but excludes passwords.

While the breach poses a risk to users of several major publications, Ars Technica has confirmed that its systems remain secure. The hacker alleges that Condé Nast ignored warnings regarding vulnerabilities for an extended period. Furthermore, there is an ongoing threat of additional data leaks involving tens of millions of records from other properties within the media conglomerate's portfolio.

Earlier this month, a hacker identified as Lovely announced a breach of a Condé Nast user database. The primary impact of this breach has been felt by readers of WIRED, a sister publication to Ars Technica. The attacker released a list containing more than 2.3 million user records derived from this publication.

The released materials contain a variety of demographic information. Specifically, the data includes:

• User names
• Email addresses
• Physical addresses
• Phone numbers

According to the reports, the data dump does not include user passwords, which may mitigate some of the immediate risks associated with the breach. However, the volume of the data represents a significant exposure of user privacy.

The incident appears to extend beyond the initial leak of 2.3 million records. The hacker, Lovely, has explicitly stated intentions to release further data. An additional 40 million records are reportedly slated for release in the coming weeks.

These future leaks are expected to impact other Condé Nast properties. The hacker listed several high-profile sister publications as targets, including:

• Vogue
• The New Yorker
• Vanity Fair

This suggests a widespread vulnerability across the media conglomerate's digital infrastructure, potentially affecting a vast number of subscribers across different interest sectors.

Despite the widespread nature of the breach across the Condé Nast portfolio, Ars Technica users have been assured that their data is safe. The publication has clarified that it operates on its own bespoke tech stack. This independent infrastructure separates Ars Technica from the shared systems that were reportedly compromised in this incident.

Therefore, the data released by the hacker does not include any information from Ars Technica's user base. This distinction highlights the security benefits of maintaining independent technology stacks within a larger media organization.

The hacker Lovely has made serious accusations regarding Condé Nast's response to security warnings. The attacker claims to have identified vulnerabilities and urged the company to patch them, but alleges that the company failed to act in a timely manner.

According to the hacker, it took "an entire month to convince them to fix the vulnerabilities on their websites." This delay allegedly allowed the breach to occur. Lovely expressed frustration with the company's attitude toward user data security, stating:

"Condé Nast does not care about the security of their users data."

The hacker has promised to continue leaking data, citing the company's perceived negligence as the primary motivation for the ongoing attack.