Wired subscriber data exposed as hackers claim to have stolen 40 million Condé Nast records
Hackers say the Wired leak is only a small part of a larger cache
by Rob Thubron · TechSpotServing tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.
What just happened? Do you subscribe to Wired? If so, you might want to be extra vigilant when it comes to suspicious emails. A hacking group claims to have posted sensitive information belonging to 2.3 million subscribers to the tech publication, and it plans to release 40 million additional records for other Condé Nast properties.
The group, which goes by the name Lovely, said it reached out to Condé Nast months ago to warn them about six vulnerabilities it had discovered.
Lovely said the owner of Vogue, The New Yorker, GQ, Vanity Fair, Wired, and other publications never replied. The group also contacted DataBreaches.net, supposedly to seek help in getting in touch with the company's security team. Wired was eventually notified about the issues.
DataBreaches.net later said, "As for 'Lovely,' they played me. Condé Nast should never pay them a dime, and no one else should ever, as their word clearly cannot be trusted."
Despite initially claiming no malicious intent, Lovely leaked the stolen Wired database on a hacking forum. Visitors could access the database by paying the equivalent of around $2.30 using the site's credits system.
In a post on the forum, Lovely wrote, "Condé Nast does not care about the security of their users' data. It took us an entire month to convince them to fix the vulnerabilities on their websites."
Lovely says the Wired database contains around 2.3 million email addresses, unique internal IDs, full names, phone numbers, postal addresses, genders, and birthday information. It also shows when an account was created, when its last session was, and other information specific to Wired, such as display usernames. No financial information, such as card card details, appear to have been revealed.
// Related Stories
- Hackers flood Rainbow Six Siege with billions in virtual currency, forcing the Ubisoft marketplace offline
- A Pennsylvania court says police can sift through Google searches to find suspects
Lovely claims it also stole data from other Condé Nast properties, including The New Yorker, Epicurious, SELF, Vogue, Allure, Vanity Fair, Glamour, Men's Journal, Architectural Digest, Golf Digest, Teen Vogue, Style.com, and Condé Nast Traveler.
As reported by The Reg, Hudson Rock researchers said the attack bears the hallmarks of techniques used by infostealer malware such as RedLine and Racoon.
"Our researchers identified legitimate subscriber credentials for Wired.com within global infostealer infection logs. By matching these compromised credentials against the records in the leaked database, we have definitively confirmed the authenticity of the dataset without any interaction with the victim organization," Hudson Rock wrote on its website.
In cases like these, those whose details were included in the leak are at risk of doxxing, swatting, and phishing campaigns.
The database has been added to Have I Been Pwned, so you can check to see if your information was part of the leak.