Substack CEO informs customers of a knowledge breach

The digital publishing platform Substack has informed a few of its customers that their information was stolen in a safety breach. The affected account holders had their electronic mail addresses and cellphone numbers scraped in a hack that occurred in October 2025.

In an electronic mail posted on , Substack CEO, Christ Finest, stated the corporate grew to become conscious of the breach on February 3, which concerned an “unauthorized third celebration to entry restricted person information with out permission.” Whereas inside metadata was additionally shared within the hack, Finest stated that bank card numbers and different monetary particulars weren’t. No passwords have been obtained both.

In addition to apologizing to Substack customers, the corporate’s CEO additionally stated within the electronic mail that the safety vulnerabilities have now been addressed. “We’re conducting a full investigation, and are taking steps to enhance our methods and processes to stop one of these difficulty from taking place sooner or later,” he stated. Finest added that there isn’t any proof that any of the stolen information is being “misused,” however suggested the affected account holders to be cautious of suspicious emails or textual content messages they could obtain.

The e-newsletter platform has not disclosed what number of accounts have been hacked, however reported {that a} database allegedly containing 697, 313 stolen information information from Substack was leaked on the hacking discussion board BreachForums.