Substack Data Breach: CEO Notifies Users After October 2025 Security Incident

Substack, the popular newsletter platform, has confirmed a significant data breach affecting thousands of users, with CEO Chris Best notifying the community through an email posted on social media.

What Happened

The security breach occurred in October 2025 but went undetected for months. The company identified the issue only on February 3, 2026, when it discovered that an “unauthorized third party” had accessed limited user data. According to reports, hackers leaked approximately 697,313 user records on dark web forums.

Data Compromised

The exposed information includes:

  • Email addresses
  • Phone numbers
  • Internal metadata
  • Profile pictures
  • User IDs
  • Biographies
  • Account creation dates
  • Social media handles

Critically, Substack confirmed that credit card numbers, passwords, and financial information were not compromised, providing some relief to concerned users.

Company Response

Substack has taken immediate action to address the vulnerability. The company stated that it has fixed the security flaw that allowed the breach and launched a full investigation into the incident. Best acknowledged the company’s responsibility for the breach and expressed regret in communications to affected users.

The platform has also committed to improving its systems and processes to prevent similar incidents in the future, though details about the specific vulnerability remain unclear. TechCrunch reported that the company did not disclose why it took five months to detect the breach.

User Recommendations

Substack has advised affected account holders to remain vigilant for suspicious emails and text messages. While the company currently has no evidence that the stolen data is being misused, security experts recommend users monitor their accounts and consider enabling two-factor authentication where available.

The company also recommends users exercise heightened caution regarding potential phishing attacks, as malicious actors often exploit such breaches to launch targeted scams.

Context and Scale

Substack operates over 50 million active subscriptions, including 5 million paid subscriptions, making the platform a significant hub for content creators and newsletter publishers. The breach raises questions about data security practices among major tech platforms and the importance of robust cybersecurity infrastructure for companies handling sensitive user information.

This incident serves as a reminder that cybersecurity remains an evolving challenge even for established technology companies, and users should stay informed about their digital safety practices.

Photo by TheDigitalArtist on Pixabay