Substack
MediumThe 2025 Substack data breach exposed email addresses, public profile data, and some phone numbers of over 663,000 users.
- Records exposed
- 663,121 records
- Breach date
- Breach Oct 23, 2025
- Last update
- Updated Feb 6, 2026
What data was exposed?
Fields reported as compromised in this breach record.
Why does this breach matter?
In-depth analysis of the breach and its implications.
In October 2025, Substack, a publishing platform, experienced a data breach that later became widely recognized in February 2026. The incident resulted in the exposure of detailed personal information of 663,121 account holders, specifically email addresses and selected phone numbers, as well as publicly accessible profile data including publication names and bios.
Impact Analysis
Understanding the scope and consequences of this breach.
- User Impact
- Users may face phishing attempts leveraging their contact details and public information.
- Business Impact
- Substack faced reputational harm and potential regulatory scrutiny after this incident.
- Affected Sectors
- Publishing Platforms
- User Accounts
- Geographic Impact
- Global
What You Should Do
Recommended actions to take in response to this breach.
If You Were Affected
- •Change all account credentials associated with Substack.
- •Remain vigilant for phishing or targeted attacks.
- •Enable two-factor authentication on all accounts.
Preventive Measures
- •Utilize unique passwords for each account.
- •Be cautious of sharing phone number and email address information online.
- •Monitor accounts for unexpected changes or access.
Frequently Asked Questions
Common questions about this breach and what it means for you.