Newsletter platform Substack is notifying users of a data breach after attackers stole their email addresses and phone numbers in October 2025.
Although the incident occurred four months ago, CEO Chris Best told affected users that Substack only discovered the breach this week. However, while the attackers stole some users’ data, Best added that they didn’t access credentials or financial information.
“On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata,” Best said in breach notification emails sent today.
“This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.”
Although Substack has yet to share how many users were affected by the incident, on Monday, a threat actor leaked a database on the BreachForums hacking forum containing 697,313 records of allegedly stolen data.
They also claim to have scraped the data and noted that “the scraping method used was noisy and patched fast.”
While it didn’t explain how the attacker gained access to the stolen data or reveal the full impact of the data breach, Substack says it has addressed the flaw exploited in the attack and warned of potential phishing attempts that could exploit the stolen information.
“We have fixed the problem with our system that allowed this to happen,” Best added. “We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.”
A Substack spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
Almost six years ago, in July 2020, Substack accidentally exposed some users’ email addresses in a privacy policy update email by including them in the ‘to’ line instead of the ‘bcc’ field.
Since its launch in 2017, Substack has gained popularity among independent journalists and content creators, reaching five million paid subscriptions by March 2025.
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.