Substack Data Breach Exposes Email Addresses and Phone Numbers for Months
SAN FRANCISCO, Calif. — Substack, the widely used platform that enables writers and creators to send newsletters directly to subscribers, confirmed a data breach that exposed user email addresses, phone numbers, and internal account metadata. The unauthorized access occurred in October 2025 but was not detected until February 2026, leaving sensitive user information vulnerable for several months before the company publicly acknowledged the incident.
In a message to affected users on February 4, Substack CEO and co-founder Chris Best expressed regret over the breach, stating, “I’m incredibly sorry this happened. We take our responsibility to protect your information seriously.” While the exposed data included contact details and metadata, Substack emphasized that more sensitive information, such as passwords, credit card numbers, and financial data, was not compromised.
The delayed discovery of the breach has sparked questions about the platform’s security monitoring and response protocols. Cybersecurity experts warn that prolonged exposure of user data increases the risk of phishing attacks and identity theft. The incident serves as a reminder of the growing threat landscape facing digital platforms that store vast amounts of personal information.
Substack’s breach highlights the importance of vigilance among users and companies alike. The Cybersecurity and Infrastructure Security Agency (CISA) recommends that users enable multi-factor authentication and remain alert for suspicious communications following such incidents. Meanwhile, organizations are urged to implement continuous monitoring and rapid incident response strategies to reduce exposure time.
This breach also draws attention to the challenges faced by newsletter services that have surged in popularity as creators seek direct engagement with audiences. While Substack has become a key platform for independent journalism and commentary, the incident underscores the need for robust cybersecurity measures in the evolving digital publishing ecosystem.
Users affected by the breach are encouraged to review guidance from the Federal Trade Commission on protecting personal information and recognizing phishing attempts. Substack has pledged to enhance its security infrastructure and improve transparency in its communications with users.
The company’s response aligns with best practices outlined by the National Institute of Standards and Technology (NIST), which advocates for timely breach notifications and comprehensive risk mitigation. As investigations continue, Substack is working closely with cybersecurity professionals to identify the breach’s root cause and prevent future incidents.
For now, the breach serves as a cautionary tale for digital content platforms and their users, emphasizing the critical importance of safeguarding personal data in an increasingly interconnected world.
