Substack Discloses Security Incident After Hacker Leaks Data

Digital publishing platform Substack has disclosed a data breach after a hacker leaked user records allegedly taken from the company’s systems.

Substack is a popular subscription-based publishing platform that allows writers, podcasters, and creators to send newsletters directly to their subscribers while monetizing their work. According to the latest data, the platform has approximately 35 million subscribers.

The company has begun sending notifications to inform users about a security incident that compromised email addresses, phone numbers, and internal metadata.

Substack said the incident occurred in October 2025 but was only discovered on February 3, when the company found “evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission”.

The notification to users, signed by Substack CEO Chris Best, states that passwords, payment card numbers, and other financial information were not exposed.

While the company said it has no evidence ...