Substack warns customers of data breach following hacker’s dark web claims

Customers of the newsletter platform Substack were warned on Wednesday that their email addresses, phone numbers and other metadata were leaked in a recently discovered data breach.

Substack CEO Chris Best sent a letter to customers confirming reports he company had been breached by cybercriminals. 

 The publishing platform said it discovered a problem with its systems on February 3 that "allowed an unauthorized third party to access limited user data without permission." The stolen data dates back to October 2025, according to Best. 

Credit card numbers, passwords and other financial data were not leaked. Substack did not respond to requests for comment about the size of the breach and has not published a public statement about the security incident.  

"We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future," Best said. 

The company warned that customers should be cautious about any texts or email messages they may get. 

The statement follows an unidentified hacker claiming to have stolen the personal information of about 700,000 users. The data tranche allegedly included emails, phone numbers, names, user IDs, Stripe IDs, profile pictures, bios and more. It is unclear if the claims about the size and scope of the breach are genuine.

Substack has grown into a significant alternative to the contracting newspaper industry since emerging in 2017, and now boasts more than $5 million paid subscribers and about 20 million active monthly users. About 17,000 writers earn money from the platform.