Substack Data Breach Exposes User Email Addresses and Phone Numbers

First reported

05.02.2026 14:54

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Substack has notified users of a data breach that occurred in October 2025, during which attackers stole email addresses and phone numbers. The breach was discovered in February 2026. The platform assured users that no credentials or financial information were accessed. A threat actor later leaked a database containing 697,313 records on BreachForums, claiming the data was scraped. Substack has patched the vulnerability and warned users about potential phishing attempts. Substack has a history of privacy incidents, including a 2020 email exposure. The platform has grown significantly since its launch in 2017, reaching five million paid subscriptions by March 2025.

Timeline

05.02.2026 14:54 1 articles · 10h ago

Substack Data Breach Discovered in February 2026
Substack discovered a data breach in February 2026 that occurred in October 2025. Attackers stole email addresses and phone numbers but did not access credentials or financial information. A threat actor leaked a database on BreachForums containing 697,313 records of allegedly stolen data. Substack has patched the vulnerability and warned users about potential phishing attempts.
Show sources

Newsletter platform Substack notifies users of data breach — www.bleepingcomputer.com — 05.02.2026 14:54
Open in new tab

Information Snippets

Substack discovered a data breach in February 2026 that occurred in October 2025.
First reported: 05.02.2026 14:54

1 source, 1 article
Show sources
- Newsletter platform Substack notifies users of data breach — www.bleepingcomputer.com — 05.02.2026 14:54
Attackers stole email addresses and phone numbers but did not access credentials or financial information.
First reported: 05.02.2026 14:54

1 source, 1 article
Show sources
- Newsletter platform Substack notifies users of data breach — www.bleepingcomputer.com — 05.02.2026 14:54
A threat actor leaked a database on BreachForums containing 697,313 records of allegedly stolen data.
First reported: 05.02.2026 14:54

1 source, 1 article
Show sources
- Newsletter platform Substack notifies users of data breach — www.bleepingcomputer.com — 05.02.2026 14:54
Substack has patched the vulnerability exploited in the attack.
First reported: 05.02.2026 14:54

1 source, 1 article
Show sources
- Newsletter platform Substack notifies users of data breach — www.bleepingcomputer.com — 05.02.2026 14:54
Substack warned users about potential phishing attempts using the stolen information.
First reported: 05.02.2026 14:54

1 source, 1 article
Show sources
- Newsletter platform Substack notifies users of data breach — www.bleepingcomputer.com — 05.02.2026 14:54
Substack had a previous privacy incident in July 2020 where user email addresses were accidentally exposed.
First reported: 05.02.2026 14:54

1 source, 1 article
Show sources
- Newsletter platform Substack notifies users of data breach — www.bleepingcomputer.com — 05.02.2026 14:54
Substack reached five million paid subscriptions by March 2025.
First reported: 05.02.2026 14:54

1 source, 1 article
Show sources
- Newsletter platform Substack notifies users of data breach — www.bleepingcomputer.com — 05.02.2026 14:54

Summary

Timeline

Substack Data Breach Discovered in February 2026

Information Snippets