Skip to content
Data breachContained

697,313 Substack records exposed in data leak

Substack disclosed in February 2026 that an unauthorized third party scraped its systems, exposing roughly 697,313 user records including email addresses, phone numbers, names, user and Stripe IDs, and profile metadata; passwords and financial data were not affected.

Victim
Substack
records
697.3K

On 3 February 2026, Substack β€” the US-based newsletter and online publishing platform β€” identified a data leak after a dataset of its users surfaced on a public hacking forum. The exposure traced back to an intrusion in October 2025, when an unauthorized third party accessed Substack's systems and harvested user data, reportedly through a scraping attack against the platform's API. The flaw was subsequently fixed.

A threat actor using the alias "w1kkid" posted the data on BreachForums, uploading a CSV file containing approximately 697,313 user records. Substack formally notified affected users on 6 February 2026, with CEO Chris Best apologizing for the incident and the roughly five-month gap between the breach and its discovery.

Exposed data included:

  • Names and email addresses
  • Phone numbers
  • User IDs and Stripe IDs (used by paid creators)
  • Profile pictures and biographies
  • Account creation dates and social media handles

Substack confirmed that passwords, credit card numbers, and other financial information were not compromised. The company said it had patched the underlying issue and opened an investigation; the incident is considered contained.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-03-substack
  2. techcrunch.comhttps://techcrunch.com/2026/02/05/substack-confirms-data-breach-affecting-email-addresses-and-phone-numbers/
  3. csoonline.comhttps://www.csoonline.com/article/4128287/substack-data-breach-leaks-users-email-addresses-and-phone-numbers.html
  4. haveibeenpwned.comhttps://haveibeenpwned.com/Breach/Substack

Related incidents

Data breachResolved

Substack data breach (2025)

In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as…

Victim
Substack
Records
663.1K