Substack, a prominent digital platform known for facilitating subscription-based publishing, has reported a security breach that resulted in unauthorized access to user data. The breach, which was first detected in February, was traced back to an incident that occurred in October 2025.
Details of the Breach
Substack has informed its users about the security lapse that involved the exposure of email addresses, phone numbers, and internal metadata. However, the company assured that sensitive information like passwords and payment details remained secure. This breach was brought to light after a hacker disclosed user data on an online forum.
The hacker claims to have accessed nearly 700,000 records by scraping the platform, including names, profile pictures, and user biographies. They described the breach as ‘noisy,’ which prompted Substack to implement rapid countermeasures.
Company’s Response to the Incident
Substack’s CEO, Chris Best, has communicated with users, emphasizing that there is no evidence suggesting the misuse of the leaked information. The company has urged users to remain vigilant against potential phishing attempts via suspicious emails or texts.
Despite the breach, Substack reassures users that core financial data has not been compromised, and they remain committed to enhancing their security infrastructure to prevent future incidents.
Impact and Broader Context
The breach at Substack follows a series of similar incidents affecting other companies, highlighting the growing threat of cybercrime in digital services. Such breaches emphasize the need for robust cybersecurity measures to protect user information in an increasingly interconnected world.
As Substack continues to address this issue, users and digital platforms alike are reminded of the critical importance of safeguarding personal data against unauthorized access and potential misuse.
This incident serves as a stark reminder of the vulnerabilities that exist in digital platforms and the continuous efforts required to protect user data from cyber threats.
