Summary created by Smart Answers AI
In summary:
- PCWorld reports that Substack experienced a data breach in October 2025, exposing email addresses and phone numbers of approximately 697,000 users.
- The company discovered the security flaw on February 3rd, 2026, and confirmed no passwords or financial data were compromised according to CEO Chris Best.
- Users should remain vigilant against suspicious emails or texts as hackers allegedly posted the stolen records on underground forums.
Substack has informed some of its users of a data breach in which email addresses and phone numbers were stolen. The attack occurred in October 2025, but the breach was first discovered on February 3rd, 2026, reports BleepingComputer.
According to Substack CEO Chris Best, an unauthorized party gained access to limited user data. No passwords, payment details, or other financial data were affected. Some internal metadata was leaked.
Substack states that the security flaw has now been fixed and that a full investigation is underway. There are currently no signs that the stolen data has been misused, but users are urged to be cautious and watch out for suspicious emails or text messages.
The company has not confirmed how many accounts have been affected. A data set was published on the hacker forum Breachforums that allegedly contains approximately 697,000 records from Substack.
This article originally appeared on our sister publication M3 and was translated and localized from Swedish.
