SUBSTACK confirmed a data breach after a hacker leaked data from nearly 700,000 users, including email addresses and phone numbers. Substack disclosed a security incident affecting email addresses, phone numbers, and internal metadata; the company says the incident occurred in October 2025 and was identified on 3 February 2026, according to the message sent by CEO Chris Best to the impacted individuals. The message states that passwords and financial data were not exposed.
On a cybercrime forum a threat actor claimed to have stolen nearly 700,000 records from the company, including names and contacts. The company launched an investigation into the security breach and took steps to enhance the security of its infrastructure. There is no evidence of misuse so far, but users are advised to stay alert and be cautious of any suspicious emails or text messages.