Substack Data Breach Exposes Users' Emails and Phone Numbers

A security incident last year exposed the email addresses and phone numbers linked to Substack users, according to a notification sent by the platform to affected account holders. The breach occurred in October 2025 when an unauthorized third party accessed internal data without authorization. However, passwords, credit card numbers, and other financial information remain secure. Substack CEO Chris Best revealed the incident on February 3rd, stating that the company’s systems had a flaw that allowed unauthorized access to limited user data, including email addresses, phone numbers, and internal metadata. The breach has raised concerns about data security and privacy among Substack users, who are being informed of the incident through an email update.