Newsletter platform Substack is notifying users of a data breach after attackers stole their email addresses and phone numbers in October 2025.
Although the incident occurred four months ago, CEO Chris Best told affected users that Substack only discovered the breach this week. However, while the attackers stole some users' data, Best added that they didn't access credentials or financial information.
"On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata," Best said in breach notification emails sent today.
"This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed."
Although Substack has yet to share how many users were affected by the incident, on Monday, a threat actor leaked a database on the BreachForums hacking forum containing 697,313 records of allegedly stolen data.
The threat actor also claimed to have scraped the data and noted that "the scraping method used was noisy and patched fast."
Substack data leak on BreachForums (BleepingComputer)
While it didn't explain how the attacker gained access to the stolen data or reveal the full impact of the data breach, Substack says it has addressed the flaw exploited in the attack and warned of potential phishing attempts that could exploit the stolen information.
"We have fixed the problem with our system that allowed this to happen," Best added. "We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious."
A Substack spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.