Substack, the popular newsletter platform, has confirmed a data breach affecting its users’ email addresses and phone numbers. The breach, which occurred in October 2025 but was only discovered in early February, involved an unauthorized third party accessing user data, including internal metadata.
However, Substack clarified that more sensitive information such as credit card details and passwords remained unaffected by the breach. The company’s CEO, Chris Best, reassured users that the security vulnerability has been addressed, and an investigation is underway to understand the extent of the breach.
In an email to users, Best expressed apologies for the incident, emphasizing Substack’s commitment to data protection and privacy. Despite no evidence of data misuse so far, the company advised users to remain cautious with emails and texts.
With a significant user base, Substack has become a prominent platform for content creators. The company’s recent funding of $100 million in July 2025 highlights its growth trajectory.
Source: TechCrunch