Why there is no official statement from Substack about the data leak
3 months ago
- Substack confirmed a data breach where an unauthorized third party accessed user data including email addresses, phone numbers, and internal metadata.
- Sensitive data like credit card numbers and passwords remained unaffected.
- The breach was detected in February, five months after it occurred, and the issue has since been fixed.
- Substack CEO Chris Best apologized for the incident, acknowledging the company's failure to protect user data.
- The exact scope of the breach and the reason for the delayed detection remain unclear.
- Substack has not disclosed the number of affected users but claims no evidence of data misuse.
- Users are advised to be cautious with unsolicited emails and texts.
- Substack boasts over 50 million active subscriptions, including 5 million paid ones, and raised $100 million in Series C funding in July 2025.