Substack Data Breach Exposes User Email Addresses and Phone Numbers
Substack, the popular newsletter platform used by writers and creators, confirmed a data breach that exposed user email addresses, phone numbers, and internal metadata. The unauthorized access occurred in October 2023 but was not detected until February 3, 2024, leaving user data potentially exposed for months.
According to Substack CEO Chris Best, the breach did not compromise passwords, credit card numbers, or financial information. The company stated it has since resolved the system issue and launched a full investigation, though it has not provided details on why the breach went undetected for so long or what specific safeguards are now in place.
While Substack reported no evidence of misuse, exposed contact details such as email addresses and phone numbers can be leveraged in phishing attacks, where scammers craft personalized messages referencing subscriptions or account activity to trick users into clicking malicious links.
The incident highlights ongoing security risks for even niche platforms, raising concerns about detection delays and transparency in breach responses. Substack has urged users to remain cautious of suspicious communications.
Source: https://cyberguy.com/security/substack-data-breach-exposes-emails-phone-numbers/
Substack TPRM report: https://www.rankiteo.com/company/substack
"id": "sub1771967867",
"linkid": "substack",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Users (number not specified)',
'industry': 'Technology, Media',
'name': 'Substack',
'type': 'Newsletter Platform'}],
'customer_advisories': 'Urged users to remain cautious of suspicious '
'communications',
'data_breach': {'personally_identifiable_information': ['Email addresses',
'Phone numbers'],
'sensitivity_of_data': 'Moderate (contact details, no '
'financial or password data)',
'type_of_data_compromised': ['Email addresses',
'Phone numbers',
'Internal metadata']},
'date_detected': '2024-02-03',
'description': 'Substack confirmed a data breach that exposed user email '
'addresses, phone numbers, and internal metadata. The '
'unauthorized access occurred in October 2023 but was not '
'detected until February 3, 2024. The breach did not '
'compromise passwords, credit card numbers, or financial '
'information. Exposed contact details can be leveraged in '
'phishing attacks.',
'impact': {'brand_reputation_impact': 'Raised concerns about detection delays '
'and transparency in breach responses',
'data_compromised': 'User email addresses, phone numbers, internal '
'metadata',
'identity_theft_risk': 'Phishing attacks leveraging exposed '
'contact details'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Highlights ongoing security risks for niche platforms and '
'concerns about detection delays and transparency in '
'breach responses',
'recommendations': 'Users should remain cautious of phishing attacks '
'leveraging exposed contact details',
'references': [{'source': 'Substack CEO Chris Best'}],
'response': {'communication_strategy': 'Urged users to remain cautious of '
'suspicious communications',
'containment_measures': 'Resolved the system issue'},
'title': 'Substack Data Breach Exposes User Email Addresses and Phone Numbers',
'type': 'Data Breach'}