Techcrunch
Newsletter platform Substack has confirmed a data breach where an unauthorized third party accessed user data, including email addresses and phone numbers. The company stated that more sensitive information like credit card numbers and passwords were not compromised.
AI 生成摘要
電子報平台 Substack 已確認發生資料外洩,未經授權的第三方存取了包含電子郵件地址和電話號碼的使用者資料。該公司表示,信用卡號碼和密碼等更敏感的資訊並未受到影響。
Latest
AI
Amazon
Apps
Biotech & Health
Climate
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
Staff
Events
Startup Battlefield
StrictlyVC
Newsletters
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Newsletter platform Substack has confirmed a data breach in an email to users. The company said that in October, an “unauthorized third party” accessed user data, including email addresses, phone numbers, and other unspecified “internal metadata.”
Substack specified that more sensitive data, such as credit card numbers, passwords, and other financial information, was unaffected.
In an email sent to users, Substack chief executive Chris Best said that the company identified the issue in February that allowed someone to access its systems. Best said that the company has fixed the problem and started an investigation.
“I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission,” said Best in the email to users. “I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.”
It’s not clear what exactly the issue was with its systems, and the scope of the data that was accessed. It’s also not yet known why the company took five months to detect the breach, or if the company was contacted by hackers demanding a ransom. TechCrunch asked the company for more details, and we will update our story if we hear back.
Substack did not say how many users are affected. The company said that it doesn’t have any evidence that users’ data is being misused, but did not say what technical means, such as logs, it has to detect evidence of abuse. However, the company asked users to take caution with emails and texts without any particular indicators or direction.
On its website, Substack says that its site has more than 50 million active subscriptions, including 5 million paid subscriptions — a milestone it reached last March. In July 2025, the company raised $100 million in Series C funding led by BOND and The Chernin Group (TCG) with participation from a16z, Klutch Sports Group CEO Rich Paul, and Skims co-founder Jens Grede.
Topics
Ivan covers global consumer tech developments at TechCrunch. He is based out of India and has previously worked at publications including Huffington Post and The Next Web.
You can contact or verify outreach from Ivan by emailing [email protected] or via encrypted message at ivan.42 on Signal.
Tickets are live at the lowest rates of the year. Save up to $680 on your pass now.Meet investors. Discover your next portfolio company. Hear from 250+ tech leaders, dive into 200+ sessions, and explore 300+ startups building what’s next. Don’t miss these one-time savings.
Homeland Security is trying to force tech companies to hand over data about Trump critics
Fintech CEO and Forbes 30 Under 30 alum has been charged for alleged fraud
Two Stanford students launch $2M startup accelerator for students nationwide
Notepad++ says Chinese government hackers hijacked its software updates for months
Meet the new European unicorns of 2026
Nvidia CEO pushes back against report that his company’s $100B OpenAI investment has stalled
OpenClaw’s AI assistants are now building their own social network
© 2025 TechCrunch Media LLC.