**BREAKING: Popular Newsletter Platform Substack Notifies Users of Data Breach**

Substack, the popular newsletter platform that has revolutionized the way independent journalists and content creators connect with their audiences, has notified its users of a significant data breach. The incident, which occurred in October 2025 but only recently discovered by the company's leadership, has left thousands of users concerned about the security of their personal information.

According to an email sent to affected users by Substack CEO Chris Best, attackers stole email addresses and phone numbers from the platform's systems. Although the incident occurred four months ago, Best assured users that the breach was only discovered this week. Thankfully, it appears that the attackers did not access sensitive information such as credit card numbers, passwords, or financial details.

"On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata," Best explained in the breach notification emails. "This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed."

While Substack has yet to reveal the exact number of users affected by the incident, a threat actor on the BreachForums hacking forum claimed to have leaked a database containing 697,313 records of allegedly stolen data. The attacker also boasted about using a "noisy and patched fast" scraping method to obtain the information.

Substack has since addressed the flaw exploited in the attack and warned users of potential phishing attempts that could exploit the stolen information. Best assured users that safeguards have been put in place to prevent similar incidents from occurring in the future.

"We have fixed the problem with our system that allowed this to happen," Best added. "We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious."

Substack's data breach is the latest in a series of high-profile incidents affecting popular online platforms. Just last year, the company experienced a similar issue when it accidentally exposed some users' email addresses in a privacy policy update email.

Since its launch in 2017, Substack has gained popularity among independent journalists and content creators, reaching an impressive five million paid subscriptions by March 2025. The platform's commitment to user security is essential to maintaining the trust of its growing community.

**UPDATE:** A spokesperson for Substack provided a statement to BleepingComputer regarding the incident: "We have taken steps to prevent this issue from happening again, and we are committed to keeping our users' information secure. We appreciate your understanding in this matter."

**Related Stories:**

* Flickr Discloses Potential Data Breach Exposing Users' Names, Emails * Data Breach at Fintech Firm Betterment Exposes 1.4 Million Accounts * Iron Mountain: Data Breach Mostly Limited to Marketing Materials * Panera Bread Breach Impacts 5.1 Million Accounts, Not 14 Million Customers * France Fines Unemployment Agency €5 Million Over Data Breach