Condé Nast Data Breach Exposed, Ars Remains Secure
▼ Summary
– A hacker named Lovely breached a Condé Nast database, releasing over 2.3 million WIRED user records containing demographic information but no passwords.
– The hacker claims they will release an additional 40 million records from other Condé Nast properties like Vogue and The New Yorker, though Ars Technica was not affected.
– Lovely stated they attempted to get Condé Nast to patch vulnerabilities for a month before the leak, accusing the company of not caring about user data security.
– A security site, DataBreaches.Net, alleges the hacker misled them and is likely a cybercriminal seeking a payout, not acting altruistically.
– Condé Nast has not issued a public statement on the breach, and Ars Technica notes it has not been internally informed, as it operates on a separate system.
A significant data breach has impacted media giant Condé Nast, exposing sensitive user information from several of its high-profile publications. A hacker using the alias “Lovely” recently released a trove of data containing over 2.3 million user records from WIRED. This leaked information includes personal demographic details such as names, email addresses, physical addresses, and phone numbers. Importantly, the dataset did not contain user passwords. The individual behind the breach has also announced intentions to release an additional 40 million records from other Condé Nast properties in the coming weeks, potentially affecting subscribers to Vogue, The New Yorker, and Vanity Fair.
For readers of this publication, it is crucial to understand that Ars Technica operates on a completely separate and independent technology infrastructure. This bespoke system means our user databases were not part of the compromised Condé Nast network, and our community’s data remains secure. The hacker claimed their actions were motivated by a failure to address security flaws, stating they spent a month trying to convince the company to patch vulnerabilities before deciding to leak the data. They publicly accused Condé Nast of neglecting user data security.
However, the true motives appear more complex and less altruistic. According to reports from the cybersecurity watchdog site DataBreaches.Net, the hacker misled them about their intentions. Initially presenting as a helpful party aiming to improve security, “Lovely” is now characterized as a cybercriminal likely seeking a financial payout. The site has advised that no ransom should be paid, emphasizing that the hacker’s word cannot be trusted. Condé Nast has not yet released an official public statement regarding the incident. An internal notification was not issued to all properties, which is consistent given that only certain brands within the portfolio were affected.
Security analysts have begun examining the scope of the exposed data. A detailed analysis from Hudson Rock’s InfoStealers provides a comprehensive breakdown of what information was accessed and the potential risks for impacted users. This incident underscores the persistent threats in the digital landscape and the importance of robust, segmented security architectures for protecting user information across large media organizations.
(Source: Ars Technica)
