ICYMI: SubStack data breach confirmed: user phone numbers email addresses all stolen in attack
data security is crucial!
From here:
“Substack confirms October 2025 breach exposing user emails, phone numbers, and metadata
CEO Chris Best assured no financial data or credentials were accessed; hole patched and investigation ongoing
BreachForums thread advertises ~700K stolen records, despite Substack claiming no evidence of abuse so far
Substack has confirmed threat actors broke into its systems and stole user emails and phone numbers.
“On social media people are sharing screenshots of a data breach notification letter, sent to affected individuals by Substack CEO Chris Best saying the company found “evidence of a problem with our systems” on February 3.
This problem allowed an unidentified and unauthorized third party to “access limited user data without permission, including email addresses, phone numbers, and other internal metadata.”
“Best said the breach took place in October 2025, and that credit card information, login credentials, and financial information, were not accessed.”
“He further stated that the hole the miscreants used to break in was patched, and that a full investigation is under way. Substack is also “taking steps to improve our systems and processes to prevent this type of issue from happening in the future.”
“While the platform claims there is no evidence of the data being abused in the wild, BleepingComputer found a new thread on the infamous BreachForums, in which a threat actor advertised a database of almost 700,000 records stolen from the company.”
“According to the attackers, they scraped the data fast, since the scraping method they used
“For those unfamiliar with Substack, it is a newsletter platform with social network elements, boasting some 17 million users at the moment.”
I thought I detected some ‘wonkiness’ when posting to my Stack and also with the number sf subscribers and follower – hopefully nobody has burgled anything important!
Happy Valentine’s day for tomorrow or diverted paid subscriptions– I love all my subscribers, especially the paying ones!
Onwards!!!
PLEASE take a (paid or unpaid) subscription or forward this article to those you think might be interested
You can also donate via Ko-fi – any amount from three dollars upwards. Ko-fi donations here:
Data security is as realistic as an unsinkable ship.
There is no privacy nor security anymore. Nor a Constitution for that matter….