Substack Data Breach: User Emails and Phone Numbers Exposed After Months of Delay
- John Jordan

A significant data breach at Substack, the prominent newsletter platform, has exposed users’ email addresses and phone numbers following unauthorized system access that was detected only months after the attack. Substack’s response has triggered concern among users and security experts due to the delay in detection and the lack of detail about the incident’s scope.

Key Takeaways
- Substack confirmed a data breach impacting emails and phone numbers.
- The breach occurred in October 2025 but was not discovered until February 2026.
- Passwords and payment information were not compromised, according to Substack.
- The company has since closed the vulnerability and begun an investigation.
Timeline and Nature of the Incident
Substack revealed that in October 2025, an unauthorized party gained access to user data such as email addresses, phone numbers, and unspecified internal metadata. However, the issue went undetected for several months, raising questions about the company's security monitoring. Substack only identified suspicious activity on February 3, 2026, leading to user notifications shortly after.
What Information Was Exposed
According to Substack, the exposed data includes:
- Email addresses associated with user accounts
- Linked phone numbers
- Some internal metadata used by the platform
No passwords, credit card numbers, or other highly sensitive financial details have been reported as accessed in this incident.
Substack’s Response and User Guidance
Substack patched the vulnerability after discovery and has launched a full investigation. The company issued an apology to affected users, assuring them that additional measures would be taken to strengthen security.
Despite Substack stating there is no evidence of the stolen data being misused so far, cybersecurity observers noted a claim by hackers on an online forum that nearly 700,000 records were for sale. This has yet to be independently verified, but users are urged to remain vigilant for potential phishing attempts or targeted scams.
Suggested Steps for Users
- Be skeptical of unexpected emails or texts referencing Substack or requiring urgent action.
- Use strong, unique passwords and consider changing them regularly, even if they were not exposed.
- Activate two-factor authentication on accounts when possible.
- Monitor accounts and email addresses for signs of unauthorized activity or attempts at impersonation.
- Limit personal data exposure by reviewing what information is linked to third-party services.
Lingering Uncertainties and Security Lessons
One major point of concern is the lengthy delay between the breach and its detection. The company has not fully explained how the attack went unnoticed for so long, or provided detailed figures on how many users were impacted. This has led to calls for more transparency regarding incident reporting and timelier notifications to affected individuals.
The Substack breach highlights the persistent risks even in platforms that do not directly handle financial transactions. For creators and subscribers alike, email addresses and phone numbers remain valuable targets for scammers. As the investigation continues, users are advised to stay alert to suspicious communications and adopt stricter cybersecurity measures moving forward.