A hacker utilizing the alias “Beautiful” has leaked what they declare is the non-public knowledge of over 2.3 million Wired.com customers, a distinguished American journal and web site. The leak was posted on December 20, 2025, on a newly launched hacking discussion board referred to as Breach Stars.
Together with a obtain hyperlink and file hash, the hacker issued an announcement accusing Condé Nast, Wired’s guardian firm, of ignoring repeated warnings:
“Condé Nast doesn’t care in regards to the safety of their customers’ knowledge. It took us a complete month to persuade them to repair the vulnerabilities on their web sites. We are going to leak extra of their customers’ knowledge (40+ million) over the following few weeks. Take pleasure in!”
Wired Information
The leaked Wired.com knowledge contains consumer information with fields similar to full names, e-mail addresses, consumer ID, show names, account creation and replace timestamps, and in some instances, final session dates.
The excellent news is that there’s no password or fee data seen, however the presence of actual e-mail addresses and distinctive consumer IDs makes the leak delicate and legitimate from a privateness standpoint.
Most information present empty values for private fields like cellphone quantity, birthday, and handle, indicating these weren’t required at sign-up. Some entries use system-generated Wired.com emails (e.g., (redacted)[email protected]), doubtless for automated or testing functions, however others embrace private emails similar to Gmail, AOL, and regional ISP addresses, confirming the info contains actual consumer accounts courting way back to 2011.
Timestamps present a mixture of older and more moderen exercise, with accounts created between 2011 and 2022, and a few having final session knowledge, whereas others don’t. This means the info was pulled from a reside or archived consumer database, not a static advertising record. Mixed, this backs the hacker’s declare of direct entry to Wired.com’s account system or a shared Condé Nast identification platform.
Pattern of claimed report counts:
The submit additional features a breakdown of information from different Condé Nast properties. Primarily based on the record shared, the hacker claims to have accessed knowledge protecting greater than 40 million accounts throughout dozens of manufacturers, together with:
- GQ (MEN) – 994,072
- Self (SELF) – 2,075,122
- Wired (WIR) – 2,366,576
- Vogue (VOG) – 1,959,212
- Attract (ALLURE) – 1,871,068
- Bon Appétit (BNA) – 2,030,162
- The New Yorker (NYR) – 6,796,525
- Glamour (GLAMOUR) – 1,461,408
- Architectural Digest (AD) -854,862
- Vainness Honest (VANITYFAIR) – 1,637,038
- Teen Vogue (TEENVOGUE) – 586,194
- Golf Digest (GOLFDIGEST) – 684,549
- Condé Nast Traveler (TVL) – 1,080,711
The record additionally contains an entry labelled “NIL,” which doesn’t match any identified Condé Nast model however comprises 9,468,938 accounts. Moreover, smaller worldwide or sub-brand segments like CNEE_UK_TAT (8327 accounts) and UVO (51,797 accounts) have been additionally included, suggesting the breach might contain centralised account infrastructure.
As of publishing, Condé Nast has not issued any public assertion confirming or denying the breach. Makes an attempt to confirm the validity of the info are ongoing, however some social media reviews have confirmed that samples comprise actual consumer account particulars, together with names, emails, and hashed credentials.
Hacker beforehand posed as a researcher
Individually, the hacker contacted different journalists, together with Dissent Doe of DataBreaches.web, posing as a good-faith safety researcher. The alternate fell aside after doubts emerged about their credibility, and so they started threatening to leak the info publicly, casting additional doubt on the remainder of their claims.
The alleged vulnerability or technique used to extract the info has not been publicly disclosed. Nonetheless, Hackread.com‘s evaluation of the leaked 2.3 million information exhibits the info is authentic.
Nonetheless, Condé Nast stays the one authority that may verify or deny the Wired.com leak and the broader breach. Till then, the info and all associated claims from the hacker ought to be handled as unverified.
It is a creating story.
