Last updated 1 week ago
In October 2025, the publishing platform Substack experienced a data breach that exposed 663,121 account holder records. The compromised data included email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also contained phone numbers. The breached data was circulated more widely in February 2026. The breach exposed sensitive user information that could be used for targeted phishing attacks and identity theft, though no passwords or financial data were reportedly compromised.
Data breach that was subsequently circulated more widely
The breach highlights the importance of protecting user profile data even when it is publicly visible, because aggregating such data can enable targeted attacks. Substack should implement enhanced monitoring for unauthorized data access and exfiltration, review access controls on user data, and ensure proper encryption of sensitive fields such as phone numbers. Companies should also maintain incident response plans that provide for timely notification once a breach is discovered; in this case there appears to have been a delay between the initial breach and the wider circulation of the data.
Company
Industry
Location
Discovered
Disclosed
Records Affected
Attack Vector