Substack recently confirmed that it had suffered a data breach exposing user data like email addresses and phone numbers, though the company claims the incident did not include financial information or passwords.
The breach actually happened back in October 2025, but Substack only admitted to finding evidence of the intrusion on February 3. The folks at Bleeping Computer say a threat actor by the handle w1kkid leaked a database containing 697,313 records on Breach Forums earlier this week. This individual claims to have scraped the data using a noisy method that Substack supposedly patched quickly.
In the email sent to users, Substack CEO Chris Best failed to explain exactly how the attackers managed to gain access to this data, only noting that the unauthorized third party accessed limited user data, including email addresses, phone numbers, and other "internal metadata." He said the company has fixed the specific problem and is "conducting a full investigation" to prevent future screw-ups.
What you can do.
We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.
This sucks. I'm sorry. We will work very hard to make sure it does not happen again.
Substack is a fairly popular newsletter platform that makes its money by taking a 10% cut of subscription revenue instead of selling user eyeballs to advertisers. This model supposedly meant there was no algorithm feeding you viral content, and you only received updates from those you were subscribed to, which attracted creators tired of platforms renting out their audiences. But over the years, the platform has been trying to reinvent itself as a full-on social network.
We have seen this shift with the launch of features like Substack Notes, which functions almost exactly like X, where users post short text updates that others can "Restack" (Retweet), like, and reply to without ad interruptions (Elon Musk was not happy about this one). More recently, the company introduced a dedicated "Media" tab in the app that serves a vertical, scrollable video feed that looks suspiciously similar to TikTok.