2.3M WIRED Subscriber Records Leaked in Condé Nast Data Breach | eSecurity Planet

Condé Nast breach exposes 2.3 million WIRED subscriber records.

Written By
Ken Underhill
Dec 29, 2025

A data breach tied to WIRED has exposed more than 2.3 million subscriber records. 

The incident became public on Dec. 25, 2025, when a threat actor group published a database it claimed was scraped directly from Condé Nast systems. 

We “… identified legitimate subscriber credentials for wired.com within global infostealer infection logs,” said researchers.

What Data Was Exposed in the WIRED Breach

The leaked dataset includes approximately 2.3 million email addresses, nearly 286,000 subscriber names, more than 100,000 physical addresses, and over 32,000 phone numbers. 

Records appear in JSON format and include user IDs, account creation dates ranging from 2011 to 2022, and activity timestamps as recent as Sept. 8, 2025. 

Screenshots posted to BreachForums and Breach Stars suggest the data is shared across Condé Nast publications, including Vogue, Vanity Fair, GQ, and Architectural Digest.

Security researchers at Hudson Rock validated the authenticity of the WIRED data by correlating it with RedLine and Raccoon infostealer logs, identifying a high overlap with previously compromised credentials. 

While no passwords or payment card data were included in the initial leak, the exposed personally identifiable information (PII) elevates the risk of phishing, account takeover, doxing, and social engineering attacks.

IDOR and Broken Access Controls Behind the Breach

According to researchers’ analysis, the breach stemmed from Insecure Direct Object References (IDOR) — a class of access control flaws that allow attackers to access backend objects simply by manipulating user-controlled identifiers such as account or profile IDs. 

In this case, subscriber profiles were indexed by predictable, sequential identifiers, making them susceptible to enumeration.

By systematically iterating through these IDs, attackers were able to query the underlying application programming interfaces (APIs) and retrieve subscriber records at scale. 

Because the backend failed to consistently enforce authorization checks, the system did not properly verify whether the requester was entitled to access each profile before returning the data.  

The risk was compounded by broken access controls on account management endpoints. 

Researchers report that certain endpoints responsible for handling profile updates lacked sufficient authentication and authorization safeguards. 

As a result, unauthenticated users could not only view sensitive subscriber data but, in some cases, modify profile attributes such as email addresses and passwords.  

Together, these weaknesses enabled attackers to perform bulk data exfiltration without completing a full authentication flow.
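The access-control gap described above, shown as an added example beside a corrected form. This is illustrative code written for this page, not Condé Nast's code; the in-memory store, the `Session` type, the `support` role and all function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data: profiles keyed by sequential IDs, as the article describes.
PROFILES = {
    1001: {"owner": "alice", "email": "alice@example.com"},
    1002: {"owner": "bob", "email": "bob@example.com"},
}

@dataclass
class Session:
    user: str
    roles: frozenset = frozenset()

def get_profile_vulnerable(session, profile_id):
    """Flawed pattern: the ID in the request is the only thing consulted."""
    record = PROFILES.get(profile_id)
    return (200, record) if record else (404, None)

def authorize(session, record, action):
    """Object-level check: is the caller authenticated, and entitled to THIS record?"""
    if session is None:
        return 401  # no anonymous access to account endpoints
    is_owner = record is not None and record["owner"] == session.user
    if record is None or not (is_owner or "support" in session.roles):
        return 404  # same answer for "missing" and "not yours": no existence oracle
    if action == "update" and not is_owner:
        return 403  # read-only roles never change email or password
    return 200

def get_profile(session, profile_id):
    record = PROFILES.get(profile_id)
    status = authorize(session, record, "read")
    return (status, record if status == 200 else None)

def update_email(session, profile_id, new_email):
    record = PROFILES.get(profile_id)
    status = authorize(session, record, "update")
    if status == 200:
        record["email"] = new_email
    return status
```

Routing every read and write through one `authorize` function is what makes enforcement consistent: an endpoint cannot return or change a record without the check having run.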

Hardening Identity Systems Against Abuse

The following measures outline actions security teams can take to harden account systems, limit blast radius, and detect abuse.

  • Audit and enforce object-level authorization on all account and profile APIs to prevent IDOR-style access and unauthorized data exposure.
  • Implement rate limiting, request throttling, and API gateway or WAF rules to detect and block large-scale enumeration and scraping activity.
  • Replace sequential identifiers with non-guessable object IDs and segment shared identity systems to reduce attack surface and blast radius.
  • Require multifactor authentication for logins and sensitive account actions such as email changes, password resets, and profile updates.
  • Enhance monitoring and logging for identity services to identify abnormal access patterns.

Together, these measures help strengthen the resilience of identity and account systems against both targeted and large-scale abuse.
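One way to implement the monitoring item for enumeration, as an added example that is not from the article or any vendor product. The log format (`epoch client GET path status`), the `/api/profiles/<id>` path and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format: "<epoch> <client> GET /api/profiles/<id> <status>"
LINE = re.compile(r"^(?P<ts>\d+) (?P<client>\S+) GET /api/profiles/(?P<pid>\d+) (?P<status>\d{3})$")

def find_enumerators(lines, window=60, min_distinct=20, min_seq_ratio=0.8):
    """Flag clients that fetch many distinct profile IDs inside `window`
    seconds where most steps between consecutive requests are ID+1."""
    per_client = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            per_client[m["client"]].append((int(m["ts"]), int(m["pid"])))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            ids = [pid for _, pid in events[start:end + 1]]
            distinct = len(set(ids))
            if distinct < max(min_distinct, 2):
                continue
            steps = [b - a for a, b in zip(ids, ids[1:])]
            ratio = sum(1 for s in steps if s == 1) / len(steps)
            if ratio >= min_seq_ratio:
                flagged[client] = {"distinct_ids": distinct, "sequential_ratio": round(ratio, 2)}
                break
    return flagged

def sample_log():
    """Constructed log lines: one sequential walker and two ordinary clients."""
    walker = [f"{1000 + i} 203.0.113.7 GET /api/profiles/{5000 + i} 200" for i in range(30)]
    own = [f"{1000 + i} 198.51.100.4 GET /api/profiles/42 200" for i in range(25)]
    slow = [f"{1000 + 30 * i} 192.0.2.9 GET /api/profiles/{(i * 37) % 1000 + 1} 200" for i in range(20)]
    return walker + own + slow
```

The same grouping works when keyed by session token or API key instead of client address, which helps when many users share one egress IP.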

When Identity Scale Becomes a Security Risk

The incident reinforces a common risk in digital publishing and SaaS environments, where centralized identity architectures drive efficiency and scale but can also amplify the impact of access control weaknesses when they occur.   

These failures often stem from inconsistent authorization enforcement rather than advanced attacker techniques.

As a result, many organizations are increasingly looking to zero-trust architectures to eliminate implicit trust and enforce authorization consistently across identity and access layers.
