A hacker just exposed 2.4 million Wired subscriber accounts. Plus, they claim to have stolen data from dozens of other Condé Nast publications.

The breach surfaced late December when Have I Been Pwned flagged compromised accounts. Stolen data includes email addresses, display names, and for some unlucky subscribers, phone numbers, birth dates, physical addresses, and gender information.

Here’s what makes this breach particularly nasty. The hacker didn’t just hit Wired. They claim to have swiped 40 million additional records from Condé Nast’s massive publication empire.

Who Else Got Hit

Condé Nast owns way more than just Wired. Their portfolio reads like a magazine rack at an airport bookstore.

The company hasn’t confirmed which publications leaked data. But their brand list includes some heavy hitters: The New Yorker, Vogue, GQ, Vanity Fair, Ars Technica, Pitchfork, Bon Appétit, and about 15 others.

One bright spot? Ars Technica runs separate tech infrastructure. Their team confirmed they shouldn’t be affected despite being under the Condé Nast umbrella.

Still, that leaves millions of subscribers across two dozen publications potentially exposed. The breach reportedly dates back to September 2025, meaning this data sat vulnerable for months.

What Data Actually Leaked

Not every account lost the same information. The basic exposure includes email addresses and display names. That’s bad enough for spam and phishing campaigns.

But here’s where it gets worse. A smaller subset of users had way more personal details stolen: full names, phone numbers, birth dates, gender, and complete physical addresses.

Hacker exposed 2.4 million Wired subscriber accounts from Condé Nast

Think about what scammers can do with that combination. They can craft convincing phishing emails referencing your actual subscription. They can call your phone claiming to be from Condé Nast customer service. They can even send physical mail that looks official.

Geographic location data leaked too. Even if your full address didn’t get stolen, scammers now know roughly where you live.

The Scams You Should Watch For

Subscription renewal scams will hit first. Expect emails claiming your credit card failed to process for your Wired or GQ subscription. The fake notices will look official, complete with Condé Nast branding.

Product scams come next. Subscribe to Vogue? Watch for “exclusive fashion deals.” Read Bon Appétit? Fake kitchen gadget offers are coming. The publications you actually read make these scams more believable.

Phone scams are ramping up too. Someone calls claiming to be from Condé Nast customer service. They already have your name, phone number, and subscription details. That makes them sound legitimate before they ask for payment information to “verify your account.”

Physical mail scams represent the sneakiest threat. A letter arrives at your actual address with official-looking Condé Nast logos. It claims you won a prize or need to update billing information. Many people trust physical mail more than email, making these scams particularly effective.

Check If You’re Affected

Head over to Have I Been Pwned and search your email address. The site tracks data breaches and shows which leaks included your information.

Better yet, sign up for automatic notifications. Any time your email appears in a new breach, HIBP sends you an alert. That beats constantly checking manually.

Subscription renewal scams and phone scams targeting leaked subscriber data

Some antivirus subscriptions include built-in breach monitoring too. Norton, McAfee, and Bitdefender all offer this feature in their premium tiers.

What Condé Nast Still Won’t Say

The company acknowledged the breach but released minimal details. They haven’t confirmed which publications beyond Wired got hit. They haven’t specified how many accounts leaked full personal information versus just emails.

Most frustrating? No clear timeline for when they discovered the breach or how long hackers had access. The stolen data dates to September 2025, but when did Condé Nast learn about it?

This opacity makes it harder for subscribers to protect themselves. People can’t assess their risk without knowing which publications leaked which data.

The Real Problem Here

Magazine subscriptions used to mean handing over an address for delivery. Now they require full digital profiles with payment information, browsing history, and personal preferences.

Publishers collect this data to sell targeted advertising and improve recommendations. But that same data becomes a jackpot when security fails.

Condé Nast isn’t alone here. Media companies generally invest less in cybersecurity than tech or finance companies. Their business model doesn’t depend on security reputation the same way a bank’s does.

So these breaches will keep happening until publishers either beef up security or face real consequences for losing subscriber data. Neither seems likely soon.

Stay alert for scams. Check your breach status. Consider whether that magazine subscription is worth the privacy risk.