While you join a subscription on Substack, you are considering you may obtain newsletters and posts from on-line creators, not lose the info you share with the platform. However like several digital service, the info you present when signing up is on the mercy of Substack, or anybody who occurs to achieve entry to that knowledge. Sadly, that is now the case.
Substack could have misplaced practically 700,000 consumer data
As reported by BleepingComputer, Substack lately disclosed a major knowledge breach. The corporate’s CEO, Chris Finest, despatched customers a discover of the breach this week, sharing that e-mail addresses, telephone numbers, and “different inside metadata” had been shared from Substack accounts with out their permission. The corporate reportedly found the breach on Feb. 3, though hackers accessed the info itself in October of 2025. Which means the info was in unauthorized arms for roughly 4 months earlier than Substack recognized the breach.
Finest defined that Substack has since mounted the issue with the system that allowed an unauthorized third get together to entry this knowledge. The corporate is launching an investigation and is reportedly taking steps to forestall such a breach from occurring going ahead. On the brilliant aspect, Finest claims that bank card numbers, passwords, and monetary data weren’t accessed within the breach.
What Finest would not share is the scope of the breach. For that, we’ve to show to BleepingComputer, which discovered a publish from a “risk actor” on the hacking discussion board BreachForums. The actor posted a database of 697,313 Substack data, sharing that the Substack consumer base is way bigger, however the scraping technique was “noisy and patched quick.” This actor says the info compromised consists of e-mail addresses, telephone numbers, names, consumer IDs, Stripe IDs, profile footage, and bios—a bit extra detailed than the report from Substack’s CEO.
700,000 data is not the identical as 700,000 customers: Every document is one thing like an e-mail deal with or a telephone quantity, which suggests one Substack consumer might have misplaced a number of data within the breach. Nonetheless, it is numerous knowledge factors, and is little comfort to the customers who’ve misplaced data right here.
What do you assume to this point?
What Substack can do after this breach
Sadly, there’s not a lot customers can do to mitigate a knowledge breach as soon as it is occurred. The information stolen from Substack is already misplaced, and you will not be capable of undo that. Nevertheless, there are some steps you possibly can take to guard your self within the wake of the breach, and to forestall this knowledge loss sooner or later.
First, carefully monitor your incoming texts and emails. Hackers will reap the benefits of the info right here to focus on Substack customers in phishing schemes. In case you obtain messages from strangers, and even suspicious messages claiming to come back from Substack, train warning. As per traditional, by no means click on on hyperlinks in messages from senders you do not know, and, much more importantly, by no means obtain information or purposes if instructed.
You may additionally need to contemplate masking your e-mail deal with going ahead. Use a service like Apple’s “Hide My Email” or DuckDuckGo’s email protection to generate a “burner” deal with every time it is advisable share your e-mail with a service. The service will ship messages to the burner deal with, which will get forwarded to your actual deal with. That means, the service would not know your actual deal with, and, if hacked, will not compromise it. Hackers will solely get the burner, which you’ll be able to shut down at any time.
Trending Merchandise
