Earlier this month, a hacker named Lovely claimed to have broken into the Condé Nast user database and released a list of more than 2.3 million user records to our sister publication WIRED. The released materials contain demographic information (name, email, address, phone, etc.) but no passwords.
The hackers also say they will release an additional 40 million records for other Condé Nast properties, including our other sister publications. circulation, the new Yorker, Vanity Fairand more. Important information for our readers, Ars Technica Not affected as we ran our own particular technology stack.
The hacker said he had urged Condé Nast to fix the vulnerabilities but to no avail. “Condé Nast does not care about the security of its users’ data,” the hacker wrote. “It took us a whole month to convince them to fix the vulnerabilities on their websites. We’ll be leaking more of their users’ data (40+ million) over the next few weeks. Enjoy!”
It is unclear how altruistic the purpose actually was. DataBreaches.Net says Lovely misled the site into believing the hacker was trying to help patch vulnerabilities, when in fact, it appears the hacker is a “cyber criminal” looking for payment. DataBreaches.Net wrote, “As for ‘Lovely’, he played me. Condé Nast should never have paid him a penny, and neither should anyone else, because he clearly can’t be trusted.”
Condé Nast has not issued any statement, and we have not been informed internally about the hack (which is not surprising, since Arce is not affected).
The Infostealers of Hudson Rock have an excellent description of what has been exposed.
<a href