© 2026 CoolTechZone - Latest tech news,
product reviews, and analyses.

Newsletter platform Substack discloses data breach to users


Substack, an American online news platform, has informed its users of a data breach. Personal information of approximately 700,000 users has been leaked.

A hacker known as ‘w1kkid’ posted a message on a popular hacking forum that he managed to lay his hands on personal information of 697,313 users, including full names, email addresses, phone numbers, user IDs, profile pictures, account biographies, account creation dates, social media handles, and more.

Although the incident occurred in October 2025, Chris Best, CEO of Substack, told affected customers that his company found out about the data breach this week.

“On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata,” Best says in an email addressed to affected customers.

He emphasizes that no passwords, credit card numbers, or other financial information were exfiltrated by the attackers.

“We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future,” Best continues.

As of writing, Substack’s CEO says there’s no evidence that any of the stolen data is being misused. However, he encourages users to be extra vigilant with any emails or text messages they receive that may be suspicious.

This isn’t the first time Substack has to deal with a data breach. According to BeelpingComputer, the newsletter platform exposed some users’ email addresses in a privacy policy update email by including them in the ‘to’ line instead of the ‘bcc’ field. This happened in July 2020.

Substack’s subscription network now includes more than 50 million active subscriptions, including 5 million paid subscriptions.

Last year, Substack received a lot of heat for pushing a notification to its users, encouraging them to check a Nazi blog. The online news platform apologized for the “error,” also stating that they “have taken the relevant system offline, diagnosed the issue, and are making changes to ensure it doesn’t happen again.”