Substack data breach confirmed: user phone numbers email addresses all stolen in attack, here's what we know

News
By published

Substack reportedly breached in October

Substack design
(Image credit: Substack)
  • Substack confirms October 2025 breach exposing user emails, phone numbers, and metadata
  • CEO Chris Best assured no financial data or credentials were accessed; hole patched and investigation ongoing
  • BreachForums thread advertises ~700K stolen records, despite Substack claiming no evidence of abuse so far

Substack has confirmed threat actors broke into its systems and stole user emails and phone numbers.

On social media people are sharing screenshots of a data breach notification letter, sent to affected individuals by Substack CEO Chris Best saying the company found “evidence of a problem with our systems” on February 3. This problem allowed an unidentified and unauthorized third party to “access limited user data without permission, including email addresses, phone numbers, and other internal metadata.”

Best said the breach took place in October 2025, and that credit card information, login credentials, and financial information, were not accessed.

"Noisy" attack

He further stated that the hole the miscreants used to break in was patched, and that a full investigation is under way. Substack is also “taking steps to improve our systems and processes to prevent this type of issue from happening in the future.”

While the platform claims there is no evidence of the data being abused in the wild, BleepingComputer found a new thread on the infamous BreachForums, in which a threat actor advertised a database of almost 700,000 records stolen from the company.

According to the attackers, they scraped the data fast, since the scraping method they used was “noisy and patched fast”.

For those unfamiliar with Substack, it is a newsletter platform with social network elements, boasting some 17 million users at the moment.

Substack is rather popular among writers and journalists who use to send posts directly to subscribers via email and a web page.

It’s popular because it lets creators own their audience and make money through paid memberships, while Substack handles payments, hosting, and distribution. It’s commonly used for journalism, opinion writing, tech analysis, finance, culture, and niche expert content.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.