- Substack confirms October 2025 breach that exposes user emails, phone numbers, and metadata
- CEO Chris Best assured that no financial data or credentials were accessed; patched hole and ongoing investigation
- BreachForums thread announces ~700,000 stolen records, despite Substack claiming no evidence of abuse so far
Substack has confirmed that threat actors broke into its systems and stole users’ emails and phone numbers.
On social media, people are sharing screenshots of a data breach notification letter, sent to affected people by Substack CEO Chris Best, saying the company found “evidence of an issue with our systems” on February 3. This issue allowed an unidentified and unauthorized third party to “access limited user data without permission, including email addresses, phone numbers, and other internal metadata.”
Best said the breach took place in October 2025 and that no credit card information, login credentials or financial information was accessed.
“Noisy” attack
He further said that the hole that the miscreants used to open has been repaired and a full investigation is underway. Substack is also “taking steps to improve our systems and processes to prevent this type of issue from occurring in the future.”
While the platform claims there is no evidence that data has been abused in the wild, beepcomputer I found a new thread on the infamous BreachForums, in which a threat actor was advertising a database of nearly 700,000 stolen company records.
According to the attackers, they extracted the data quickly, as the extraction method they used was “noisy and quickly patched.”
For those unfamiliar with Substack, it’s a newsletter platform with social media elements that has about 17 million users right now.
Substack is quite popular among writers and journalists who often send posts directly to subscribers via email and a website.
It’s popular because it allows creators to own their audience and earn money through paid memberships, while Substack takes care of payments, hosting, and distribution. It is commonly used for journalism, opinion writing, technology analysis, finance, culture, and specialized expert content.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
