Digital publishing platform Substack has disclosed a data breach after a hacker leaked user records allegedly taken from the company’s systems.
Substack is a popular subscription-based publishing platform that allows writers, podcasters, and creators to send newsletters directly to their subscribers while monetizing their work. According to the latest data, the platform has approximately 35 million subscribers.
The company has begun sending notifications to inform users about a security incident that compromised email addresses, phone numbers, and internal metadata.
Substack said the incident occurred in October 2025 but was only discovered on February 3, when the company found “evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission”.
The notification to users, signed by Substack CEO Chris Best, states that passwords, payment card numbers, and other financial information were not exposed.
While the company said it has no evidence that the compromised information has been misused, it has urged users to be on the lookout for suspicious emails and text messages.
The notification comes just days after a hacker leaked what they claim to be Substack user data.
In a post on a popular cybercrime forum, the hacker said they stole data such as names, email addresses, phone numbers, profile pictures, user IDs, and bios.
The threat actor claims to have obtained nearly 700,000 records through scraping, describing the attack as “noisy”, which led to the company quickly implementing mitigations.
Related: Hackers Leak 5.1 Million Panera Bread Records
Related: Crunchbase Confirms Data Breach After Hacking Claims
Related: Nike Probing Potential Security Incident as Hackers Threaten to Leak Data
