Substack confirms data breach affects users’ email addresses and phone numbers

Newsletter level Substack has confirmed a information breach successful an email to users. The institution said that successful October, an “unauthorized 3rd party” accessed idiosyncratic data, including email addresses, telephone numbers, and different unspecified “internal metadata.”

Substack specified that much delicate data, specified arsenic recognition paper numbers, passwords, and different fiscal information, was unaffected.

In an email sent to users, Substack main enforcement Chris Best said that the institution identified the contented successful February that allowed idiosyncratic to entree its systems. Best said that the institution has fixed the occupation and started an investigation.

“I’m reaching retired to fto you cognize astir a information incidental that resulted successful the email code and telephone fig from your Substack relationship being shared without your permission,” said Best successful the email to users. “I’m incredibly atrocious this happened. We instrumentality our work to support your information and your privateness seriously, and we came up abbreviated here.”

It’s not wide what precisely the contented was with its systems, and the scope of the information that was accessed. It’s besides not yet known wherefore the institution took 5 months to observe the breach, oregon if the institution was contacted by hackers demanding a ransom. TechCrunch asked the institution for much details, and we volition update our communicative if we perceive back.

Substack did not accidental however galore users are affected. The institution said that it doesn’t person immoderate grounds that users’ information is being misused, but did not accidental what method means, specified arsenic logs, it has to observe grounds of abuse. However, the institution asked users to instrumentality caution with emails and texts without immoderate peculiar indicators oregon direction.

On its website, Substack says that its tract has much than 50 cardinal progressive subscriptions, including 5 cardinal paid subscriptions — a milestone it reached past March. In July 2025, the institution raised $100 cardinal successful Series C funding led by BOND and The Chernin Group (TCG) with information from a16z, Klutch Sports Group CEO Rich Paul, and Skims co-founder Jens Grede.