A hacker utilizing the alias “Pretty” has leaked what they declare is the non-public information of over 2.3 million Wired.com customers, a distinguished American journal and web site. The leak was posted on December 20, 2025, on a newly launched hacking discussion board known as Breach Stars.
Together with a obtain hyperlink and file hash, the hacker issued a press release accusing Condé Nast, Wired’s guardian firm, of ignoring repeated warnings:
“Condé Nast doesn’t care in regards to the safety of their customers’ information. It took us a complete month to persuade them to repair the vulnerabilities on their web sites. We are going to leak extra of their customers’ information (40+ million) over the subsequent few weeks. Take pleasure in!”
Wired Knowledge
The leaked Wired.com information consists of person data with fields equivalent to full names, e-mail addresses, person ID, show names, account creation and replace timestamps, and in some circumstances, final session dates.
The excellent news is that there’s no password or cost info seen, however the presence of actual e-mail addresses and distinctive person IDs makes the leak delicate and legitimate from a privateness standpoint.
Most data present empty values for private fields like cellphone quantity, birthday, and tackle, indicating these weren’t required at sign-up. Some entries use system-generated Wired.com emails (e.g., (redacted)[email protected]), probably for automated or testing functions, however others embrace private emails equivalent to Gmail, AOL, and regional ISP addresses, confirming the information consists of actual person accounts courting way back to 2011.
Timestamps present a mixture of older and newer exercise, with accounts created between 2011 and 2022, and a few having final session information, whereas others don’t. This implies the information was pulled from a stay or archived person database, not a static advertising checklist. Mixed, this backs the hacker’s declare of direct entry to Wired.com’s account system or a shared Condé Nast identification platform.
Pattern of claimed report counts:
The put up additional features a breakdown of data from different Condé Nast properties. Primarily based on the checklist shared, the hacker claims to have accessed information overlaying greater than 40 million accounts throughout dozens of manufacturers, together with:
- GQ (MEN) – 994,072
- Self (SELF) – 2,075,122
- Wired (WIR) – 2,366,576
- Vogue (VOG) – 1,959,212
- Attract (ALLURE) – 1,871,068
- Bon Appétit (BNA) – 2,030,162
- The New Yorker (NYR) – 6,796,525
- Glamour (GLAMOUR) – 1,461,408
- Architectural Digest (AD) -854,862
- Vainness Honest (VANITYFAIR) – 1,637,038
- Teen Vogue (TEENVOGUE) – 586,194
- Golf Digest (GOLFDIGEST) – 684,549
- Condé Nast Traveler (TVL) – 1,080,711
The checklist additionally consists of an entry labelled “NIL,” which doesn’t match any identified Condé Nast model however incorporates 9,468,938 accounts. Moreover, smaller worldwide or sub-brand segments like CNEE_UK_TAT (8327 accounts) and UVO (51,797 accounts) have been additionally included, suggesting the breach could contain centralised account infrastructure.
As of publishing, Condé Nast has not issued any public assertion confirming or denying the breach. Makes an attempt to confirm the validity of the information are ongoing, however some social media reviews have confirmed that samples comprise actual person account particulars, together with names, emails, and hashed credentials.
Hacker beforehand posed as a researcher
Individually, the hacker contacted different journalists, together with Dissent Doe of DataBreaches.web, posing as a good-faith safety researcher. The alternate fell aside after doubts emerged about their credibility, they usually started threatening to leak the information publicly, casting additional doubt on the remainder of their claims.
The alleged vulnerability or methodology used to extract the information has not been publicly disclosed. Nonetheless, Hackread.com‘s evaluation of the leaked 2.3 million data exhibits the information is reliable.
Nonetheless, Condé Nast stays the one authority that may verify or deny the Wired.com leak and the broader breach. Till then, the information and all associated claims from the hacker ought to be handled as unverified.
It is a creating story.
