- Substack confirms October 2025 breach that exposed user emails, phone numbers and metadata
- CEO Chris Best assured that no financial data or credentials were accessed; hole patched and investigation underway
- BreachForums thread touts ~700,000 stolen records, despite Substack claiming no evidence of abuse to date
Substack has confirmed that threat actors broke into its systems and stole user emails and phone numbers.
On social media, people are sharing screenshots of a data breach notification letter sent to affected individuals by Substack CEO Chris Best, saying the company found “evidence of a problem with our systems” on February 3. This issue allowed an unidentified and unauthorized third party to “access restricted user data without authorization, including email addresses, phone numbers, and other internal metadata.”
Best said the breach occurred in October 2025 and that credit card information, login information and financial information were not accessed.
“Noisy” attack
He further stated that the hole that the criminals used to break into had been patched and that a full investigation is underway. Substack is also taking steps to improve our systems and processes to prevent these types of issues from occurring in the future.
Although the platform claims that there is no evidence that data has been misused in nature, Bleeping Computer found a new thread on the infamous BreachForums where a threat actor announced a database of nearly 700,000 records stolen from the company.
According to the attackers, they scraped the data quickly as the scraping method they used was “noisy and patched quickly”.
For those unfamiliar with Substack, it is a newsletter platform with social networking elements that currently boasts around 17 million users.
Substack is quite popular among writers and journalists who use to send posts directly to subscribers via email and a web page.
It’s popular because it lets creators own their audience and monetize through paid memberships, while Substack handles payments, hosting and distribution. It is commonly used for journalism, opinion writing, technical analysis, finance, culture and niche expert content.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
