Substack data breach exposed users’ emails and phone numbers

Substack is notifying immoderate users that the email addresses and telephone numbers linked to their accounts were exposed successful a “security incident” past year. In an email to relationship holders, Substack CEO Chris Best said that a hacker had accessed soul information without authorization successful October 2025, but that passwords, in installments paper numbers, and different financial accusation stay secure.

“On February 3rd, we identified grounds of a problem pinch our systems that allowed an unauthorized 3rd statement to entree constricted personification information without permission, including email addresses, telephone numbers, and different soul metadata,” Best said successful the email. “We do not person grounds that this accusation is being misused, but we promote you to return other be aware pinch immoderate emails aliases matter messages you person that whitethorn beryllium suspicious.”

Substack says that it has since fixed the information problem, and is now conducting a afloat investigation alongside bolstering its systems “to forestall this type of rumor from happening successful the future.” The level didn’t supply immoderate specifications regarding what the information rumor was, aliases really galore users person been impacted — myself and respective Verge colleagues who besides usage Substack did not person the email. We person reached retired to Substack for clarification.

“I’m incredibly sorry this happened,” Best said successful the email to users. “We return our work to protect your information and your privateness seriously, and we came up short here.”