← Back to articles

Conde Nast Hit by Data Breach and Extortion Threat from Hackers

January 6, 2026

A criminal group, calling itself Lovely, has issued a stark warning and started publishing stolen subscriber data from Conde Nast, the publisher behind Wired, The New Yorker, Vanity Fair, and Teen Vogue. The hackers claim their initial attempt to alert the company about security vulnerabilities was ignored, prompting them to release sensitive information on Christmas Day.

Details of the Leak

The breach primarily affects Wired magazine subscribers. Hackers released:

  • 2.3 million email addresses
  • Names of approximately 285,000 subscribers
  • 108,000 home addresses
  • 32,000 phone numbers

Additional data leaked include user IDs, display names, account creation and update timestamps, last session dates, and IP addresses. The breadth of this data suggests the database likely contained live, user-specific information rather than static marketing lists.

Emails and addresses

Hacker Message and Future Threats

The hacking group accused Conde Nast of neglecting user data security, stating:

“Conde Nast does not care about the security of their users’ data. It took us an entire month to convince them to fix the vulnerabilities on their website. We will leak more of their users’ data (40+ million) over the next few weeks. Enjoy!”

The group has announced plans to continue releasing more leaked data, which they say will include information from various Conde Nast platforms, potentially encompassing over 40 million entries.

Distribution and Implications

The stolen files were uploaded to file-sharing platforms Limewire and Gofile.io. If the data spreads further, it could reveal subscriber identities and preferences—potentially exposing whether individuals enjoy content such as The New Yorker’s satirical cartoons or Vogue’s fashion coverage.

Security Experts Confirm Authenticity

Security researchers from Hudson Rock verified the leak’s authenticity. They found that subscriber email addresses and credentials matching the leaked data appeared in global infostealer malware infection logs—specifically RedLine and Racoon. This connection indicates the breach is real and the data genuine.

Potential Risks for Subscribers

According to cybersecurity experts, affected individuals could face risks such as:

  • Doxxing
  • Swatting
  • Phishing attacks

Fortunately, no credit card or payment information was disclosed in this leak.

Response and Next Steps

Conde Nast has yet to comment publicly on the breach. As the story develops, users are advised to monitor their accounts for suspicious activity and remain cautious of targeted scams.

The cybersecurity landscape continues to evolve, with increasingly sophisticated attacks exposing personal data of millions. Stay vigilant and informed.