Substack has disclosed a security incident in which an unauthorized intruder accessed user contact details, including email addresses and phone numbers, months before the breach was detected. This revelation was communicated to affected users by Substack CEO Chris Best, who expressed regret over the incident.
Details of the Breach
The breach occurred in October 2025, but it was not until February 3, 2026, that Substack identified evidence of the compromise. According to Best, the intrusion resulted in the sharing of user email addresses and other account metadata without consent. Importantly, the company stated that passwords, credit card numbers, and financial information were not compromised.
Response and Investigation
In response to the breach, Substack has patched the vulnerability that allowed the unauthorized access and is conducting a comprehensive internal investigation. The company has also indicated that there is currently no evidence suggesting that the stolen data is being actively misused. However, users are being advised to remain vigilant for potential phishing attempts or suspicious emails.
Connection to Online Data Claims
The breach comes amid reports of a dataset being circulated on a cybercrime forum, which allegedly contains nearly 700,000 user records from Substack, including names, email addresses, phone numbers, user IDs, and profile images. It remains unclear whether this dataset is directly linked to the breach that Substack has acknowledged.
Implications for Substack
This incident poses significant risks for Substack, as trust is fundamental to its business model, which relies on the relationship between writers and their subscribers. The potential exposure of mailing lists could provide scammers with access to a targeted audience of engaged readers.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
