Content publishing platform Substack has notified several of its users that their email addresses, phone numbers, and other internal metadata were accessed without authorization in a security incident that occurred in October 2025. The company disclosed the breach in emails sent to affected account holders this month, after identifying the issue on February 3.
Substack CEO Chris Best wrote in a post on Bluesky that an unauthorized third party gained access to limited user data, including email addresses, phone numbers, and unspecified “internal metadata.” Critically, the company stated that no passwords, credit card numbers, or other financial information were compromised. Best apologized directly to users, saying, “I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.”
It is not clear why the breach, which occurred in October, was not detected until early February, which is nearly four months later. The company has also not publicly detailed the nature of the vulnerability, whether it involved a misconfigured server, API endpoint, third-party service, or other issues.
For now, the firm has addressed the underlying security vulnerability and is conducting a full investigation. It is also taking steps to strengthen systems and processes to prevent similar incidents in the future. Substack urged affected users to remain vigilant for suspicious emails or text messages, although it reported no evidence that the stolen information is currently being misused. The breach’s scale remains officially undisclosed by Substack. However, security researchers and media outlets, including Bleeping Computer, reported that a dataset allegedly containing 697,313 records from Substack appeared on BreachForums, a well-known hacking forum, shortly before the company’s disclosure. The leaked database reportedly included email addresses, phone numbers, user IDs, Stripe payment identifiers, profile pictures, bios, and other non-sensitive metadata.
Substack, founded nearly a decade ago, has grown into one of the most prominent platforms for independent writers and creators, offering tools for publishing newsletters, monetizing content through subscriptions, and building direct relationships with readers. The company reported more than 5 million paid subscriptions and approximately 20 million active monthly users as of early 2025. Around 17,000 writers earn income through the platform, with total payouts to creators exceeding hundreds of millions of dollars annually. The firm had also scooped up $100 million in Series C funding in July, led by BOND and The Chernin Group, with participation from Andreessen Horowitz and others. The round valued the company at more than $1 billion and catapulted it into the unicorn club. The current breach affects a subset of this user base—likely creators, paid subscribers, and active account holders—though Substack has not specified how many individuals received the notification.
The Tech Portal is published by Blue Box Media Private Limited. Our investors have no influence over our reporting. Read our full Ownership and Funding Disclosure →
