In late 2025, the media world was hit by a significant data exfiltration. Currently, the WIRED subscriber database has been leaked for free, exposing millions of records. However, the threat actor indicates that this is merely the beginning.
Hudson Rock researchers have authenticated the 2.3 million record WIRED leak using infostealer infection data. More alarmingly, the hacker claims that a much larger database consisting of 40,000,000 lines related to Condé Nast will be released soon. This impending leak is expected to impact major publications including Vogue, The New Yorker, and Vanity Fair.
Our validation of the current data confirms it is legitimate and fresh, with entries as recent as September 8, 2025.
Can’t they say what data has been stolen? It’s kinda important.
This isn’t great, but it has more information than the above, with links to other sources:
https://old.reddit.com/r/cybersecurity/comments/1pwvji3/did_wired_have_a_breach_on_122325/Alternate link:
https://redlib.catsarch.com/r/cybersecurity/comments/1pwvji3/did_wired_have_a_breach_on_122325/
I remember in the mid 90s I was looking at Linux World’s website and they had just implemented account registrations that same day. I was fuzzing the website and they had left directory browsing enabled and the users, passwords, and email was sitting in a plain text flat file that was world readable.
I emailed them, didn’t get a response but within the hour the registration/login was disabled along with no more directory browsing.
Up until a mere few years ago the entire Makita tools warranty registration database was coming up in Google searches. All you had to do was take whatever person’s info you got in your search result and incriment the number in the url to go through the whole database person by person. I emailed their support many times and they did nothing - eventually found a legal email and then the same thing happened like you had - fixed in a day, never even got a thank you (or a truck of free tools delivered 😂). I was surprised to see such a poorly designed system in the year it was.
The zip archive is protected by a password, and I’d appreciate being able to verify if my data is actually in this breach as I’m a WIRED subscriber. If anyone has the password to the breach file, please let me know. (the only other way to acquire the password is to quite literally just pay the forum user who posted the breach, and I’d rather not do that.)
My email doesn’t show as breached on common sites used to check for that, like Have I Been Pwned, but I’ve seen many instances of only some password managers/dark web scanners seeing someone’s data in a breach, while others won’t even with the same data on the user being checked.
Glad I gave them a virtual card number for Wired.com
I don’t believe card details are in there as they use a separate payment provider. (If I go to my account management page and attempt to modify my payment method, the page begins making many requests to Stripe)
But hey, it’s still got names, addresses, phone numbers, emails, all that jazz.
