All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Substack Confirms Data Breach Affecting User Email Addresses and Phone Numbers

By

witnessme

3mo ago· 2 min readenNews
Bagel score 65 of 100
65/100
Toasty
Bagelometer

Lightly toasted, lightly seasoned, mostly correct.

Score65TypenewsSentimentnegative

Summary

Substack has confirmed a data breach where an unauthorized third party accessed user data including email addresses, phone numbers, and internal metadata in October 2025. The breach was discovered in February 2026, and the company has since fixed the vulnerability. Sensitive data such as credit card numbers, passwords, and financial information was not affected.

Key quotes

· 4 pulled
Newsletter platform Substack has confirmed a data breach in an email to users.
The company said that in October, an 'unauthorized third party' accessed user data, including email addresses, phone numbers, and other unspecified 'internal metadata.'
Substack specified that more sensitive data, such as credit card numbers, passwords, and other financial information, was unaffected.
In an email sent to users, Substack chief executive Chris Best said that the company identified the issue in February that allowed someone to access its systems.
Snippet from the RSS feed
Substack said that customer data was accessed in October 2025 but wasn't discovered until early February.

You might also wanna read

Carnival Corporation data breach exposes personal information after social engineering attack

Carnival Corporation experienced a data breach in April 2026 where a hacker used social engineering tactics to trick an employee into granti

bit.ly·2d ago

Mixpanel Discloses Security Incident Involving Smishing Campaign

Mixpanel disclosed a security incident involving a smishing campaign detected on November 8th, 2025, that impacted a limited number of custo

mixpanel.com·6mo ago

Workday Discloses Data Breach Affecting User Information

Workday, a major HR technology provider, disclosed a data breach affecting some of its third-party customer relationship databases. The comp

gizmodo.com·9mo ago

Google Confirms Data Breach in Salesforce CRM Theft Campaign by ShinyHunters

Google has become the latest victim of a data breach in a series of Salesforce CRM data theft attacks orchestrated by the ShinyHunters extor

bleepingcomputer.com·9mo ago

McDonald's job chatbot exposed 64 million applicant chats due to '123456' password vulnerability

Cybersecurity researchers Ian Carroll and Sam Curry discovered a vulnerability in McHire, McDonald's chatbot job application platform powere

bleepingcomputer.com·10mo ago

ShinyHunters leaks 4.9 million Charter Communications customer records after extortion refusal

ShinyHunters, a hacking group, claims to have leaked personal data of 4.9 million Charter Communications customers after the telecom company

theregister.com·8h ago