Substack's Data Breach Exposed: What You Need to Know
Substack, the popular digital publishing platform, has confirmed that it suffered a security breach in October 2025. The incident, which involved an unauthorized third party accessing limited user data without permission, saw email addresses and phone numbers compromised.
In an email posted on Bluesky, Substack CEO Christ Best acknowledged the breach, stating that the company became aware of the issue on February 3. While internal metadata was also accessed during the hack, credit card numbers and other financial details were not stolen. Moreover, no passwords were obtained as a result of the breach.
Substack has assured users that it is taking steps to improve its systems and processes to prevent similar incidents in the future. The company is conducting a full investigation into the matter and has already addressed the security vulnerabilities. CEO Christ Best emphasized that there is currently no evidence to suggest that the stolen data is being misused, but users are advised to remain vigilant for suspicious emails or text messages.
However, details about the extent of the breach remain scarce. While Substack has not disclosed how many accounts were affected, a database allegedly containing over 697,300 stolen records from the platform was leaked on the hacking forum BreachForums. It is unclear at this time whether the data has been misused or if it poses any significant risk to users.
In light of this breach, Substack users are advised to exercise caution and be on the lookout for potential phishing attempts or other forms of cyber threats.
Substack, the popular digital publishing platform, has confirmed that it suffered a security breach in October 2025. The incident, which involved an unauthorized third party accessing limited user data without permission, saw email addresses and phone numbers compromised.
In an email posted on Bluesky, Substack CEO Christ Best acknowledged the breach, stating that the company became aware of the issue on February 3. While internal metadata was also accessed during the hack, credit card numbers and other financial details were not stolen. Moreover, no passwords were obtained as a result of the breach.
Substack has assured users that it is taking steps to improve its systems and processes to prevent similar incidents in the future. The company is conducting a full investigation into the matter and has already addressed the security vulnerabilities. CEO Christ Best emphasized that there is currently no evidence to suggest that the stolen data is being misused, but users are advised to remain vigilant for suspicious emails or text messages.
However, details about the extent of the breach remain scarce. While Substack has not disclosed how many accounts were affected, a database allegedly containing over 697,300 stolen records from the platform was leaked on the hacking forum BreachForums. It is unclear at this time whether the data has been misused or if it poses any significant risk to users.
In light of this breach, Substack users are advised to exercise caution and be on the lookout for potential phishing attempts or other forms of cyber threats.
. First they're saying their systems were breached but then some hacker leaks a database with like over 697k records and that's just...wow. I mean I get it, security breaches happen, but come on Substack can't even keep track of your own users' data? And what's up with the lack of info on how many accounts were actually affected? Are they trying to cover something up? 
Anyway, yeah be careful out there and don't click on any suspicious links or emails from Substack. They need to step their game up if they want to keep users trusting them 
already had some issues in 2024, now this... hope they figure out what went wrong & fix it ASAP 
so yeah, def keep an eye on emails & texts from substack, cant have ppl getting hacked left & right 
so, another major platform gets hacked... how original 
seriously though, 697k records leaked? that's like a whole lot of juicy stuff 
substack needs to step up their security game ASAP, not just for users but also for the sake of all the annoying ads they're pushing on us 
... I mean, 697k records leaked online? That's a lot of compromising info 
... some transparency would be nice, you know? Just wanna make sure my emails and phone numbers are safe 
. Guess we're all just gonna have to keep our wits about us online for now 
.
.
Oh no, just heard about Substack's data breach 
... but still, it's not good to see a company like that get compromised 
. Anyone have any idea how many accounts were affected? 
. Can't help but wonder if the stolen data is being sold on the dark web 
... hope it doesn't lead to any serious issues 
. Better safe than sorry, right? 
.
. but honestly, 697k records leaked online? that's a whole lotta info 
... anyway, i think it's super important for users to stay vigilant and keep an eye out for suspicious emails or texts - even if there's no evidence of misuse yet, we can't take any chances 
. substack needs to do more to reassure us that their security is top-notch 
I'm still shaking my head over this Substack thing 
Except when you think about how vulnerable all those people are now 
but what does that even mean?!? Are they gonna change their passwords? Update their security protocols? Like, can't they just be proactive for once?!? 
. I was driving through these countryside roads and saw a farmer out fixing his tractor 
. It made me think about how we need to preserve our natural spaces for future generations 
" 
. I mean, I've heard of substack being a great platform and all, but I guess even the best can have a flaw 
. And yeah, it's good that they're taking steps to improve their security but what about those poor users who got affected 
. Anyways, Substack users should def be cautious now - those phishing emails and texts are super sketchy 
my aunt had her email hacked once and she just got a bunch of weird spam emails with nothin relevant to her... it was kinda annoying but not the end of the world 
