Newsletter platform Substack disclosed a security incident where an intruder accessed user contact details, including email addresses and account metadata, months before the company detected the breach. The company has notified affected users and is investigating the incident, though financial data was not compromised. The breach may be linked to a posted dataset of user records.
Newsletter platform Substack has admitted that an intruder swiped user contact details months before the company noticed, forcing it to warn writers and readers that their email addresses and other account metadata were accessed without permission.
The disclosure arrived in an email this week from Substack CEO Chris Best to affected users, in which he acknowledged the lapse in unusually no-frills language. "I'm reaching out to let you know about a security incident that resulted in the email address from your Substack account being shared without your permission," Best said in the message, seen by. "This sucks. I'm sorry. We will work very hard to make sure it does not happen again."
According to the company, an "unauthorized third party" accessed limited user data during October 2025. The incident was not detected until February 3, when Substack reported that it had uncovered evidence that its systems had been compromised. The exposed information includes email addresses, phone numbers, and internal account metadata. Substack maintains that passwords, credit card numbers, and financial data were not touched.
The company says that it has since patched the vulnerability that allowed access and has launched a full internal investigation. It also claims there is currently no evidence that the stolen data is being actively misused, though it is urging users to remain alert for suspicious emails or phishing attempts.
Substack's confirmation comes after a threat actor posted a dataset they said had been stolen from the platform. A post on a cybercrime forum advertised nearly 700,000 alleged user records, including names, email addresses, phone numbers, user IDs, and profile images. It's still unclear whether the trove of data circulating online is connected to the breach Substack has acknowledged.
The company did not respond to questions from asking how many users might be affected, what categories of data may have been exposed, or whether the October intrusion matches the information that later surfaced publicly.
The breach could prove particularly damaging for Substack, whose business depends on trust between writers and subscribers. Mailing lists sit at the core of that model, and if compromised, they could provide scammers with a ready-made catalogue of highly engaged readers.
