Data leak

Condé Nast / WIRED Subscriber Database Breach - IDOR Vulnerability

📅 2025-12-20 🏢 Condé Nast (centralized identity platform)

Incident Details

On December 20, 2025, a threat actor called ‘Lovely’ posted a 2.366 million-record database from WIRED.com on the Breach Stars forum, selling access for approximately $2.30. Exposed data included full names, email addresses, user IDs, display names, and account timestamps; no passwords or payment data were in the dataset. The actor claimed the breach exploited IDOR vulnerabilities in Condé Nast’s shared identity platform, threatened to release records for 40 million users across other Condé Nast titles, and claimed the company had ignored prior vulnerability reports. Condé Nast and WIRED had not publicly confirmed the incident as of publication. Have I Been Pwned indexed the breach.

Technical Details

Initial Attack Vector: Insecure Direct Object Reference (IDOR) vulnerabilities and broken access controls in Condé Nast's centralized identity/account platform allowed unauthenticated enumeration of user profiles by iterating user ID values.

Vendor / Product: Condé Nast (centralized identity platform)
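
Detection example for the attack vector above (added here; not code from Condé Nast or from the primary source). It flags clients that read runs of consecutive user IDs without a session. The log format, the /api/users/<id> path, and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Hypothetical access-log format and endpoint path (assumptions, not from the incident).
LINE = re.compile(
    r'^(?P<ip>\S+) session=(?P<sess>\S+) "GET /api/users/(?P<uid>\d+)" (?P<status>\d{3})$'
)

def find_enumerators(lines, min_ids=5, min_seq_ratio=0.8):
    """Return {ip: distinct_id_count} for clients walking user IDs without a session."""
    ids_by_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        # Keep only successful profile reads that carried no session ("-").
        if not m or m["sess"] != "-" or m["status"] != "200":
            continue
        ids_by_ip[m["ip"]].append(int(m["uid"]))

    flagged = {}
    for ip, ids in ids_by_ip.items():
        distinct = sorted(set(ids))
        if len(distinct) < min_ids:
            continue  # too few distinct profiles to call it enumeration
        # Share of neighbouring IDs that differ by exactly 1 (an iterated counter).
        steps = sum(1 for a, b in zip(distinct, distinct[1:]) if b - a == 1)
        if steps / (len(distinct) - 1) >= min_seq_ratio:
            flagged[ip] = len(distinct)
    return flagged

# Constructed sample log lines (documentation IP ranges, made-up IDs).
SAMPLE = (
    # Unauthenticated client reading IDs 1000..1007 in order.
    [f'203.0.113.7 session=- "GET /api/users/{uid}" 200' for uid in range(1000, 1008)]
    # Logged-in user reloading one profile.
    + ['198.51.100.4 session=abc123 "GET /api/users/5512" 200'] * 6
    # Unauthenticated client following a few unrelated profile links.
    + [f'192.0.2.9 session=- "GET /api/users/{uid}" 200' for uid in (17, 90412, 3301)]
)

if __name__ == "__main__":
    for ip, count in find_enumerators(SAMPLE).items():
        print(f"possible user-ID enumeration: {ip} read {count} consecutive profiles")
```

Any 200 response on a line with no session is itself the broken access control; the durable fix is an authorization check on the server that ties the requested user ID to the authenticated caller.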

Timeline

  1. 2025-12-20 Breach occurred
  2. 2025-12-20 Publicly disclosed