Substack Data Breach Exposes User Email Addresses and Phone Numbers

2 unique sources, 2 articles

Summary

Substack has confirmed a data breach that occurred in October 2025, during which attackers stole email addresses and phone numbers. The breach was detected on February 3, 2026, and confirmed via an email notification to users on February 5, 2026. Substack assured users that no credentials or financial information were accessed. A threat actor later leaked a database containing 697,313 records on BreachForums, claiming the data was scraped. Substack has patched the vulnerability and warned users about potential phishing attempts. Substack has a history of privacy incidents, including a 2020 email exposure. The platform has grown significantly since its launch in 2017, reaching over 50 million active subscriptions, including five million paid, by March 2025.

Timeline

  1. 05.02.2026 14:54 · 2 articles

    Substack Data Breach Discovered in February 2026

    Substack discovered a data breach in February 2026 that occurred in October 2025. Attackers stole email addresses and phone numbers but did not access credentials or financial information. A threat actor leaked a database on BreachForums containing 697,313 records of allegedly stolen data. Substack has patched the vulnerability and warned users about potential phishing attempts. The breach was detected on February 3, 2026, and confirmed via an email notification to users on February 5, 2026. Substack reported over 50 million active subscriptions, including five million paid, as of March 2025.

Similar Happenings

Mixpanel Data Breach Exposes OpenAI API User Information

OpenAI has disclosed that a data breach at Mixpanel, a third-party analytics provider, exposed limited customer identifiable information and analytics data of some OpenAI API users. The breach occurred between November 9 and 25, 2025, and resulted from a smishing (SMS phishing) campaign detected on November 8, 2025. Affected data includes names, email addresses, approximate locations, operating systems, browsers, referring websites, and organization or user IDs associated with API accounts. OpenAI has removed Mixpanel from its services and is conducting additional security reviews across its vendor ecosystem. The company is notifying potentially affected users and advising them to be vigilant against phishing and social engineering attacks. OpenAI emphasized that no chat content, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised. CoinTracker, a cryptocurrency portfolio tracker and tax platform, has also been impacted, with exposed data including device metadata and limited transaction count.

Discord Breach Highlights Risks of Mandated ID Data Collection

In October 2025, Discord disclosed a breach affecting a third-party customer service provider, exposing personal data, including government-issued identification documents. The breach underscores the security risks posed by legal mandates requiring organizations to collect and store sensitive ID data, which they may lack the infrastructure to protect effectively. The incident highlights the challenges faced by managed service providers (MSPs) in securing client data across multiple regulatory environments, emphasizing the need for integrated security solutions to mitigate risks.

Discord User Data Compromised in Third-Party Breach

Hackers claim to have stolen data from 5.5 million unique Discord users after compromising a third-party customer service provider. The attack occurred on September 20, 2025, affecting users who interacted with Discord’s customer support and/or Trust and Safety teams. The breach appears to be financially motivated, with hackers demanding a ransom. The Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack, stating they breached a Zendesk instance used by Discord for customer support. The compromised data includes real names, usernames, email addresses, contact details, IP addresses, messages, attachments, photos of government-issued identification documents, partial billing information, and purchase history. Discord took immediate action to isolate the support provider from its ticketing system and launched an investigation with the help of a forensics firm and law enforcement. The hackers also accessed corporate data, including training materials and internal presentations. Discord has notified law enforcement and relevant data protection authorities about the incident. No full credit card numbers, CVV codes, passwords, or authentication data were compromised. Additionally, no messages or activity on Discord outside of communication with customer support were obtained by the attackers.

Harrods Data Breach via Third-Party Provider

Harrods, a luxury British department store, disclosed a new data breach affecting 430,000 online customers. The breach involved the compromise of a third-party provider's system, leading to the exposure of names, contact details, and internal marketing tags and labels. The incident was isolated and contained, and no account passwords, payment details, or order histories were compromised. The breach is not connected to a previous incident in May, where unauthorized access attempts were detected. Four individuals were arrested in July for suspected involvement in cyberattacks against Harrods and other major British retailers. This breach is part of a series of recent cyberattacks targeting high-profile British businesses, including Jaguar Land Rover and Kido nursery chain.

Chess.com suffers data breach via third-party file transfer app

Chess.com experienced a data breach in June 2025, in which unauthorized actors accessed a third-party file transfer app used by the platform. The breach occurred between June 5 and June 18, affecting approximately 4,500 users out of the platform's 100 million user base. The compromised data includes names and other personally identifiable information (PII). Chess.com discovered the breach on June 19 and has since taken measures to secure its systems and notify law enforcement. The platform is offering impacted users free identity theft and credit monitoring services. This is the second cyber incident for Chess.com in recent years, following a 2023 data breach in which over 800,000 user records were scraped and posted online.