Earlier this month, a hacker named Lovely said he had hacked Condé Nast's user database and published a list of more than 2.3 million user posts from our sister publication WIRED. Posted content contains demographic information (name, email, address, telephone, etc.) but does not contain passwords.
The hacker also reports that they will publish another 40 million records for other Condé Nast properties, including our other sister publications. Fashion, New Yorker, Vanity Fairand much more. Important note for our readers: Ars Technique this had no impact since we use our own technology stack.
The hacker said they unsuccessfully called on Condé Nast to fix the vulnerabilities. “Condé Nast does not care about the security of its users’ data,” the hacker wrote. “It took us a whole month to convince them to fix the vulnerabilities on their websites. Over the next few weeks we will leak even more data from their users (over 40 million). Enjoy!”
It is unclear how altruistic the motive actually was. DataBreaches.Net claims Lovely misled the site believe that the hacker was trying to help fix vulnerabilities, when in fact it turns out that the hacker is a “cybercriminal” looking for a reward. “As for Lovely, they played a joke on me. Condé Nast should never pay them a penny, and no one else should ever pay them, because their word clearly cannot be trusted,” writes DataBreaches.Net.
Condé Nast did not release a statement, and we were not informed of the hack (which is not surprising since Ars was not affected).
Hudson Rock's InfoStealers has a great summary. what has been exposed.
