**Hacker Claims Theft of Data from 700,000 Substack Users; Company Confirms Breach**

Substack, a popular online platform for publishing email-based newsletters and blogs, has confirmed a data breach after a hacker claimed to have stolen nearly 700,000 records from the company. The compromised user data includes email addresses and phone numbers, with no evidence of passwords or financial information being accessed.

According to an internal message sent by CEO Chris Best to impacted users on February 3rd, 2026, the security breach occurred in October 2025. The message reads: "I'm reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission."

The company has disclosed that an unauthorized third party accessed limited user data, including email addresses, phone numbers, and internal metadata. However, credit card numbers, passwords, and financial information were not accessed, according to the message.

But some security experts have raised concerns about the nature of the breached data. "In a world of 2FA & SIM swaps, email + phone IS critical data," tweeted one expert, highlighting the potential risks associated with compromised contact information.

The hacker's claim on a cybercrime forum has been verified by Substack, which launched an investigation into the security breach and took steps to enhance the security of its infrastructure. "We have fixed the problem with our system that allowed this to happen," the company stated. "We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future."

Substack is urging users to take extra caution when receiving suspicious emails or text messages. While there is no evidence of misuse so far, the company advises users to stay alert and report any potential security incidents.

For its users, Substack provides a platform for creators to publish email-based newsletters and blogs with built-in paid subscriptions and basic analytics. The company serves tens of thousands of writers and over 35 million active readers worldwide, making it one of the most popular platforms in the industry.

**What You Can Do**

While there is no evidence of misuse so far, Substack encourages users to take extra precautions:

  • Be cautious with any emails or text messages that may be suspicious
  • Report any potential security incidents to the company
  • Take steps to enhance your own online security measures

**Follow Us**

Stay up-to-date on the latest cybersecurity news and trends by following us on Twitter (@securityaffairs) and Facebook. You can also connect with us on Mastodon for the latest security insights.