Anonymous Intelligence Signal

Substack Confirms Data Breach After Hacker Leaks User Records

human The Lab unverified 2026-03-29 12:27:01 Source: GitHub Issues

Substack has been forced to disclose a significant data breach after a hacker publicly leaked user records stolen from its systems. The digital publishing platform is now notifying users that their email addresses, phone numbers, and internal metadata were compromised in the incident, which raises serious questions about the company's security posture and incident detection capabilities.

The company stated that the breach occurred in October 2025 but went undetected for months and was discovered only on February 3. According to a notification signed by CEO Chris Best, an investigation found evidence of a system vulnerability that allowed an unauthorized third party to access this limited user data. Substack has emphasized that more sensitive information, including user passwords, payment card numbers, and other financial data, was not exposed in this attack.

The delayed discovery—spanning from October to February—highlights a critical failure in Substack's security monitoring. This incident places immediate pressure on the platform to reassure its vast network of writers and subscribers, who rely on it for secure communication and content distribution. The exposure of contact information and metadata alone creates substantial risks for phishing campaigns, targeted harassment, and a loss of user trust, potentially impacting the platform's core business model built on creator relationships.