Substack confirms data breach impacts customers’ e-mail addresses and telephone numbers

E-newsletter platform Substack has confirmed a data breach in an e-mail to customers. The corporate mentioned that in October, an “unauthorized third get together” accessed person information, together with e-mail addresses, telephone numbers, and different unspecified “inside metadata.”

Substack specified that extra delicate information, comparable to bank card numbers, passwords, and different monetary info, was unaffected.

In an e-mail despatched to customers, Substack chief government Chris Greatest mentioned that the corporate recognized the difficulty in February that allowed somebody to entry its programs. Greatest mentioned that the corporate has fastened the issue and began an investigation.

“I’m reaching out to let you understand a few security incident that resulted within the e-mail tackle and telephone quantity out of your Substack account being shared with out your permission,” mentioned Greatest within the e-mail to customers. “I’m extremely sorry this occurred. We take our duty to guard your information and your privateness severely, and we got here up quick right here.”

It’s not clear what precisely the difficulty was with its programs, and the scope of the information that was accessed. It’s additionally not but identified why the corporate took 5 months to detect the breach, or if the corporate was contacted by hackers demanding a ransom. information.killnetswitch requested the corporate for extra particulars, and we are going to replace our story if we hear again.

Substack didn’t say what number of customers are affected. The corporate mentioned that it doesn’t have any proof that customers’ information is being misused, however didn’t say what technical means, comparable to logs, it has to detect proof of abuse. Nevertheless, the corporate requested customers to take warning with emails and texts with none specific indicators or path.

On its web site, Substack says that its website has greater than 50 million energetic subscriptions, together with 5 million paid subscriptions — a milestone it reached final March. In July 2025, the corporate raised $100 million in Sequence C funding led by BOND and The Chernin Group (TCG) with participation from a16z, Klutch Sports activities Group CEO Wealthy Paul, and Skims co-founder Jens Grede.