Newsletter platform Substack disclosed a security breach after hackers leaked data from nearly 700,000 user accounts on cybercrime forums. The October 2025 attack exposed email addresses, phone numbers, names, and profile information, but passwords and payment details remained secure.
CEO Chris Best notified the platform's 35 million subscribers on February 3, months after the initial breach. The hacker described their "scraping" attack as "noisy," which helped Substack detect and stop it quickly.
While there's no evidence the stolen data has been misused, users should watch for suspicious emails and texts targeting the compromised information.
Source: Security Week