E-newsletter platform Substack is notifying customers of an information breach after attackers stole their electronic mail addresses and cellphone numbers in October 2025.
Though the incident occurred 4 months in the past, CEO Chris Finest informed affected customers that Substack solely found the breach this week. Nevertheless, whereas the attackers stole some customers’ information, Finest added that they did not entry credentials or monetary info.
“On February third, we recognized proof of an issue with our programs that allowed an unauthorized third celebration to entry restricted person information with out permission, together with electronic mail addresses, cellphone numbers, and different inside metadata,” Finest mentioned in breach notification emails despatched immediately.
“This information was accessed in October 2025. Importantly, bank card numbers, passwords, and monetary info weren’t accessed.”
Though Substack has but to share what number of customers had been affected by the incident, on Monday, a menace actor leaked a database on the BreachForums hacking discussion board containing 697,313 data of allegedly stolen information.
Additionally they declare to have scraped the info and famous that “the scraping methodology used was noisy and patched quick.”
Whereas it did not clarify how the attacker gained entry to the stolen information or reveal the total affect of the info breach, Substack says it has addressed the flaw exploited within the assault and warned of potential phishing makes an attempt that might exploit the stolen info.
“We now have mounted the issue with our system that allowed this to occur,” Finest added. “We do not need proof that this info is being misused, however we encourage you to take additional warning with any emails or textual content messages you obtain that could be suspicious.”
A Substack spokesperson was not instantly out there for remark when contacted by BleepingComputer earlier immediately.
Virtually six years in the past, in July 2020, Substack by chance uncovered some customers’ electronic mail addresses in a privateness coverage replace electronic mail by together with them within the ‘to’ line as a substitute of the ‘bcc’ area.
Since its launch in 2017, Substack has gained reputation amongst unbiased journalists and content material creators, reaching 5 million paid subscriptions by March 2025.
Fashionable IT infrastructure strikes quicker than handbook workflows can deal with.
On this new Tines information, learn the way your group can scale back hidden handbook delays, enhance reliability via automated response, and construct and scale clever workflows on high of instruments you already use.
