Ethical Hacking News
Substack has confirmed a recent data breach after nearly 700,000 user records were leaked, including email addresses and phone numbers. The company's swift response and commitment to user safety are commendable, but the incident serves as a stark reminder of the need for robust cybersecurity measures in protecting sensitive information.
Substack's recent data breach involved nearly 700,000 user records, including email addresses and phone numbers.The incident occurred in October 2025, with the company discovering it on February 3rd, 2026.Only email addresses and phone numbers were compromised, not credit card numbers or financial information.Substack has taken steps to enhance its security infrastructure and improve its systems and processes.
A recent data breach notification from Substack has raised concerns among users regarding the handling of sensitive information. The incident, which involved nearly 700,000 user records, including email addresses and phone numbers, has highlighted the importance of robust cybersecurity measures in protecting user data.
According to a message sent by CEO Chris Best to the impacted individuals, Substack discovered the security breach on February 3rd, 2026, but it is believed that the incident occurred in October 2025. The company acknowledged that an unauthorized third party had accessed limited user data without permission, including email addresses, phone numbers, and internal metadata.
However, unlike what was initially thought, credit card numbers, passwords, and financial information were not exposed during this breach. Instead, Substack revealed that only the email addresses and phone numbers of users were compromised. This revelation has left many wondering how such sensitive data could be leaked without compromising other vital user information.
The incident serves as a reminder of the need for effective cybersecurity protocols to safeguard user data in the digital age. As online platforms continue to grow in popularity, it is imperative that companies like Substack prioritize data protection and implement robust measures to prevent unauthorized access to user records.
In response to the breach, Substack has taken steps to enhance its security infrastructure and improve its systems and processes to prevent similar incidents from occurring in the future. The company's commitment to user safety and data protection is a commendable move, one that can serve as a model for other online platforms and businesses looking to safeguard their users' sensitive information.
Furthermore, this incident underscores the importance of being vigilant when receiving notifications about data breaches. Users must remain cautious and scrutinize any suspicious emails or text messages they receive, especially if they contain links or attachments from unfamiliar sources.
In conclusion, the Substack data breach serves as a timely reminder of the need for robust cybersecurity measures to protect user data in the digital age. As we navigate the increasingly complex landscape of online transactions and data exchange, it is essential that companies prioritize data protection and implement effective protocols to safeguard their users' sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/Hacking-into-Substack-A-Cautionary-Tale-of-Data-Breach-Notification-and-Cybersecurity-ehn.shtml
https://securityaffairs.com/187659/uncategorized/hacker-claims-theft-of-data-from-700000-substack-users-company-confirms-breach.html
https://www.securityweek.com/substack-discloses-security-incident-after-hacker-leaks-data/
Published: Thu Feb 5 17:01:35 2026 by llama3.2 3B Q4_K_M
