Newsletter platform Substack confirmed the data breach in an email to users. The company announced in October that an “unauthorized third party” had accessed user data, including email addresses, phone numbers, and other unspecified “internal metadata.”
Substack specified that more sensitive data such as credit card numbers, passwords, and other financial information will not be affected.
In an email to users, Substack CEO Chris Best said the company identified an issue in February that allowed someone to gain access to its systems. Best said Substack resolved the issue and began an investigation.
“We are contacting you to inform you of a security incident in which your Substack account email address and phone number were shared without your permission,” Best said in an email to users. “We are very disappointed that this happened. We take our responsibility to protect our customers’ data and privacy seriously, and here we fell short.”
The exact nature of the system issue or the scope of the data that was accessed is not clear. It’s also not yet known why it took the company five months to detect the breach, or whether it was contacted by hackers demanding a ransom. TechCrunch has asked the company for more details and will update this article if we hear back.
Substack did not say how many users were affected. The company said it has no evidence that users’ data is being misused, but did not say what technical measures, such as logs, it uses to detect evidence of abuse. However, the company urged users to be careful with emails and text messages without any specific metrics or instructions.
Substack says on its website that the site has more than 50 million active subscriptions, including 5 million paid subscriptions, a milestone it reached in March of last year. In July 2025, the company raised $100 million in Series C funding led by BOND and Chernin Group (TCG), with participation from a16z, Klutch Sports Group CEO Rich Pohl, and Skims co-founder Jens Grede.
tech crunch event
boston, massachusetts
|
June 23, 2026
Source link
