{"id":4413,"date":"2026-02-06T20:37:47","date_gmt":"2026-02-06T20:37:47","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/02\/06\/substack-confirms-data-breach-limited-user-data-compromised\/"},"modified":"2026-02-06T20:37:47","modified_gmt":"2026-02-06T20:37:47","slug":"substack-confirms-data-breach-limited-user-data-compromised","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/02\/06\/substack-confirms-data-breach-limited-user-data-compromised\/","title":{"rendered":"Substack Confirms Data Breach, &#8220;Limited User Data&#8221; Compromised"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Newsletter platform Substack has confirmed it suffered a security incident, leading to the compromise of users\u2019 email addresses and phone numbers.<\/p>\n<p>Chris Best, the CEO of Substack, notified users of the data breach in an email sent to some users on February 5.<\/p>\n<p>The CEO said his security team detected the incident on February 3, noticing \u201cevidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers and other internal metadata.\u201d<\/p>\n<p>He also added that no financial information, including credit card numbers, or passwords were accessed.<\/p>\n<p>Best further explained that the data collection occurred in October 2025 and claimed that the Substack security team has now \u201cfixed the problem with our system that allowed this to happen.\u201d No further information on the incident was provided.<\/p>\n<p>Substack is now conducting a full investigation and is taking steps to improve our systems and processes to prevent this type of issue from happening in the future.<\/p>\n<div>\n<p>Speaking to <em>Infosecurity<\/em>, a Substack spokesperson said\u00a0an unauthorized party was able to access limited account information &#8220;during a short window.&#8221;<\/p>\n<p> &#8220;Once we became aware, the issue was addressed and additional safeguards were put in place. We cannot share specifics about our security systems and processes, but we can confirm that the issue has been resolved,&#8221; they added.<\/p>\n<\/div>\n<p>No further information on the incident was provided and the Substack CEO did not specify the number of affected users or clarify why the breach was only detected four months after it happened.<\/p>\n<p>Substack reported having over 50 million active subscriptions, including five million paid, as of March 2025.<\/p>\n<p>Javvad Malik, a lead security awareness advocate at KnowBe4 said that while transparent breach notifications \u201cshould always be commended,\u201d this one is \u201ca bit light on the details which does not help people accurately judge the risk and take concrete action.\u201d<\/p>\n<p>\u201cThe phrase &#8216;limited user data&#8217; is particularly vague. Email addresses and phone numbers are enough for targeted phishing, SIM-swap attempts, or doxxing. Even if passwords weren\u2019t accessed, attackers don\u2019t need passwords if they can socially engineer users,\u201d Malik said.<\/p>\n<div>\n<p>\u201cThe timeline is significant. If the data was accessed in October 2025, but only just disclosed, it&#8217;s a significant dwell time. That isn&#8217;t to say there&#8217;s negligence on part of Substack because detection can be difficult,\u201d Malik commented. \u201cBut impacted users deserve a clearer explanation of how the breach was identified and which monitoring controls failed to detect it initially, and most importantly, what&#8217;s changing as a result.\u201d<\/p>\n<p> Chris Hauk, a consumer privacy advocate at Pixel Privacy, urged Substack users to \u201cpractice extra care\u201d when dealing with unexpected messages, emails or calls, while Paul Bischoff, also a consumer privacy advocate at Comparitech emphasized that they should be \u201con the lookout for targeted phishing emails and scams.\u201d<\/p>\n<\/div>\n<p><em>Image credits:\u00a0Azulblue \/ Shutterstock<\/em><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Newsletter platform Substack has confirmed it suffered a security incident, leading to the compromise of users\u2019 email addresses and phone numbers. Chris Best, the CEO of Substack, notified users of the data breach in an email sent to some users on February 5. The CEO said his security team detected the incident on February 3<\/p>\n","protected":false},"author":2,"featured_media":4414,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4413","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4413-dc52bbe7-f20f-4fc3-86f2-1f956a5ec30c-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4413"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4413\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4414"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4413"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}