Substack, a popular platform for content creators, recently disclosed a data breach that compromised users’ email addresses and phone numbers. The incident, acknowledged by Substack CEO Chris Best, occurred in October 2025 when a hacker gained unauthorized access to internal data. Notably, sensitive information like passwords and credit card details remained secure.
In an email to affected users, Best stated that while email addresses, phone numbers, and internal metadata were accessed, there is currently no evidence of misuse. Nevertheless, users are advised to remain vigilant against suspicious emails or messages. Substack has taken corrective measures to address the security vulnerability and is actively investigating the breach to prevent similar incidents in the future.
While specific details about the breach are not disclosed, Substack’s commitment to enhancing its security protocols underscores the platform’s dedication to safeguarding user data. Best expressed regret over the breach, emphasizing Substack’s focus on data protection.
This incident serves as a reminder of the ongoing challenges in maintaining data security in the digital age. It highlights the importance of robust cybersecurity measures for tech companies to uphold user trust and privacy.
Source: The Verge