Substack is notifying some users that the e-mail addresses and telephone numbers linked to their accounts have been uncovered in a “safety incident” final yr. In an email to account holders, Substack CEO Chris Greatest stated {that a} hacker had accessed inside knowledge with out authorization in October 2025, however that passwords, bank card numbers, and different monetary info stay safe.
“On February third, we recognized proof of an issue with our methods that allowed an unauthorized third celebration to entry restricted person knowledge with out permission, together with e-mail addresses, telephone numbers, and different inside metadata,” Greatest stated within the e-mail. “We wouldn’t have proof that this info is being misused, however we encourage you to take additional warning with any emails or textual content messages you obtain that could be suspicious.”
Substack says that it has since mounted the safety downside, and is now conducting a full investigation alongside bolstering its methods “to stop such a concern from taking place sooner or later.” The platform didn’t present any particulars relating to what the safety concern was, or what number of customers have been impacted — myself and a number of other Verge colleagues who additionally use Substack didn’t obtain the e-mail. We’ve got reached out to Substack for clarification.
“I’m extremely sorry this occurred,” Greatest stated within the e-mail to customers. “We take our accountability to guard your knowledge and your privateness significantly, and we got here up brief right here.”
