Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to threat actors

Lovely

Also known aslovely

Lovely is a threat actor/criminal group associated with the late-2025 Condé Nast data breach and extortion activity. Reporting attributes to Lovely the leak of a database containing more than 2.3 million WIRED subscriber records and threats to release or sell up to roughly 40 million additional records from other Condé Nast brands, including publications such as Vogue, The New Yorker, Vanity Fair, GQ, Glamour, Architectural Digest, Teen Vogue, and Condé Nast Traveler. Lovely is also reported to have offered the broader Condé Nast dataset for sale on cybercrime forums. Across the reporting, Lovely claimed the data was released after Condé Nast failed to respond to repeated vulnerability reports. In November 2025, Lovely reportedly posed as a researcher under the name "Dissent Doe" and contacted DataBreaches.net regarding vulnerabilities affecting Condé Nast. The content states that the actor later leaked the data after alleging the company ignored the reports. The leaked WIRED data is described as including email addresses, names, home addresses, phone numbers, birthdays, user IDs, display names, and account metadata such as creation, update, and last-session timestamps. Multiple reports cited in the content state that passwords and payment card data were not included in the initial leak. The data was posted on hacking forums including Breach Stars, and some reporting says access to the archive was offered for a small amount of forum credits. The intrusion is described in the content as exploiting broken access controls and IDOR vulnerabilities in Condé Nast’s centralized identity platform, allowing unauthorized access to user profile data and, in some reports, modification of account information. The content also notes that the data appeared in structured JSON format, consistent with direct access to internal account endpoints. Security researchers and public breach-notification services reportedly validated or indexed the leaked data. Based on the provided content, Lovely is financially and coercively motivated, using public leaks, sale offers, and threats of further disclosure to pressure the victim organization. Known aliases directly mentioned in the content are Lovely and the persona "Dissent Doe." No nation-state attribution is stated in the provided material.

Share:
Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial
OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • media
  • publishing
ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app
socradar blogNews
Jan 12, 2026
December 2025: Coupang & WIRED Data Leaks, Record DDoS, React2Shell Exploitation

Leaked a dataset of ~2.3M WIRED subscriber records on underground forums and claimed (unverified) broader access affecting Condé Nast users; leak materials suggest direct access to internal account endpoints rather than scraping.

Read more
wired com securityNews
Jan 9, 2026
Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records

Lovely is known for leaking and selling large databases of user records from high-profile companies, most recently offering nearly 40 million user records allegedly from Condé Nast subsidiary websites, including Wired.com.

Read more
register securityNews
Dec 29, 2025
Crims disconnect Wired subscribers from their privacy, publish deets online

Lovely is conducting extortion and data leak operations against Conde Nast, publishing sensitive subscriber data after the company did not respond to their demands. They threaten to leak more data if their demands are not met.

Read more
cyber security newsNews
Dec 29, 2025
Hackers Claim Breach of WIRED Database Containing 2.3 million Subscriber Records

Lovely is responsible for leaking over 2.3 million WIRED subscriber records and claims to have access to up to 40 million more records from Condé Nast brands. The actor exploited vulnerabilities in Condé Nast's shared identity system, including IDOR and broken access controls, to exfiltrate large amounts of PII. Lovely initially attempted to notify the company of the vulnerabilities but, after receiving no response, leaked the data as a form of protest.

Read more
+4 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.
Start free trial
Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.