E-newsletter platform Substack is notifying customers of a data breach after attackers stole their e-mail addresses and cellphone numbers in October 2025.
Though the incident occurred 4 months in the past, CEO Chris Greatest advised affected customers that Substack solely found the breach this week. Nevertheless, whereas the attackers stole some customers’ information, Greatest added that they did not entry credentials or monetary info.
“On February third, we recognized proof of an issue with our methods that allowed an unauthorized third social gathering to entry restricted consumer information with out permission, together with e-mail addresses, cellphone numbers, and different inside metadata,” Greatest mentioned in breach notification emails despatched right now.
“This information was accessed in October 2025. Importantly, bank card numbers, passwords, and monetary info weren’t accessed.”
Though Substack has but to share what number of customers had been affected by the incident, on Monday, a risk actor leaked a database on the BreachForums hacking discussion board containing 697,313 information of allegedly stolen information.
Additionally they declare to have scraped the information and famous that “the scraping technique used was noisy and patched quick.”
Whereas it did not clarify how the attacker gained entry to the stolen information or reveal the total impression of the data breach, Substack says it has addressed the flaw exploited within the assault and warned of potential phishing makes an attempt that would exploit the stolen info.
“Now we have mounted the issue with our system that allowed this to occur,” Greatest added. “We would not have proof that this info is being misused, however we encourage you to take additional warning with any emails or textual content messages you obtain that could be suspicious.”
A Substack spokesperson was not instantly out there for remark when contacted by BleepingComputer earlier right now.
Nearly six years in the past, in July 2020, Substack unintentionally uncovered some customers’ e-mail addresses in a privateness coverage replace e-mail by together with them within the ‘to’ line as an alternative of the ‘bcc’ discipline.
Since its launch in 2017, Substack has gained recognition amongst unbiased journalists and content material creators, reaching 5 million paid subscriptions by March 2025.
Fashionable IT infrastructure strikes sooner than handbook workflows can deal with.
On this new Tines information, learn the way your staff can cut back hidden handbook delays, enhance reliability by way of automated response, and construct and scale clever workflows on prime of instruments you already use.
