Substack says intruder lifted emails, phone numbers
"The disclosure arrived in an email this week from Substack CEO Chris Best to affected users, who acknowledged the lapse in unusually no-frills language. "I'm reaching out to let you know about a security incident that resulted in the email address from your Substack account being shared without your permission," Best said in the message, seen by The Register. "This sucks. I'm sorry. We will work very hard to make sure it does not happen again.""
"According to the company, an "unauthorized third party" accessed limited user data during October 2025. The incident was not detected until February 3, when Substack reported that it had uncovered evidence that its systems had been compromised. The exposed information includes email addresses, phone numbers, and internal account metadata. Substack maintains that passwords, credit card numbers, and financial data were not touched."
"Substack's confirmation comes after a threat actor posted a dataset they said had been stolen from the platform. A post on a cybercrime forum advertised nearly 700,000 alleged user records, including names, email addresses, phone numbers, user IDs, and profile images. It's still unclear whether the trove of data circulating online is connected to the breach Substack has acknowledged. The company did not respond to questions from The Register asking how many users might be affected, what categories of data may have been exp"
Substack admitted that an unauthorized third party accessed limited user contact data in October 2025, with the intrusion not detected until February 3. The accessed information included email addresses, phone numbers, and internal account metadata, while passwords, credit card numbers, and financial data were not accessed. Substack patched the vulnerability, launched an internal investigation, and warned users to watch for phishing and suspicious emails. A threat actor posted a dataset claiming nearly 700,000 user records on a cybercrime forum, and it remains unclear whether that dataset is connected to the intrusion.
Read at The Register