Earlier this month, a hacker named Pretty claimed to have breached a Condé Nast person database and launched a listing of greater than 2.3 million user records from our sister publication WIRED. The launched supplies include demographic info (identify, electronic mail, deal with, telephone, and so forth.) however no passwords.
The hacker additionally says that they are going to launch an extra 40 million data for different Condé Nast properties, together with our different sister publications Vogue, The New Yorker, Vainness Truthful, and extra. Of essential observe to our readers, Ars Technica was not affected as we run on our personal bespoke tech stack.
The hacker stated that they’d urged Condé Nast to patch vulnerabilities to no avail. “Condé Nast doesn’t care in regards to the safety of their customers knowledge,” the hacker wrote. “It took us a complete month to persuade them to repair the vulnerabilities on their web sites. We are going to leak extra of their customers’ knowledge (40+ million) over the following few weeks. Take pleasure in!”
It’s unclear how altruistic the motive actually was. DataBreaches.Net says that Lovely misled the site into believing that the hacker was attempting to assist patch vulnerabilities, when in actuality, it seems that the hacker is a “cybercriminal” in search of a payout. “As for ‘Pretty,’ they performed me. Condé Nast ought to by no means pay them a dime, and nobody else ought to ever, as their phrase clearly can’t be trusted,” wrote DataBreaches.Web.
Condé Nast has not issued a press release, and we’ve got not been knowledgeable internally of the hack (which isn’t stunning, since Ars isn’t affected).
Hudson Rock’s InfoStealers has an excellent rundown of what has been uncovered.
