"The company said that in October, an "unauthorized third party" accessed user data, including email addresses, phone numbers, and other unspecified "internal metadata." Substack specified that more sensitive data, such as credit card numbers, passwords, and other financial information, was unaffected. In an email sent to users, Substack chief executive Chris Best said that the company identified the issue in February that allowed someone to access its systems. Best said that the company has fixed the problem and started an investigation."
"Best said that the company has fixed the problem and started an investigation. "I'm reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission," said Best in the email to users. "I'm incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.""
An unauthorized third party accessed Substack systems in October, exposing user email addresses, phone numbers, and unspecified internal metadata. Sensitive payment information, passwords, and other financial details were not affected. The company identified the access in February, remediated the vulnerability, and began an investigation. The company notified users by email and urged caution with unexpected emails and texts. The company has not disclosed the number of affected users, the precise vulnerability, or whether ransom demands occurred. The company reported no evidence of misuse so far but did not explain detection methods or provide technical evidence of monitoring.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]