697,313 Substack records exposed in data leak
Substack disclosed in February 2026 that an unauthorized third party scraped its systems, exposing roughly 697,313 user records including email addresses, phone numbers, names, user and Stripe IDs, and profile metadata; passwords and financial data were not affected.
- Victim
- Substack
- records
- 697.3K
On 3 February 2026, Substack β the US-based newsletter and online publishing platform β identified a data leak after a dataset of its users surfaced on a public hacking forum. The exposure traced back to an intrusion in October 2025, when an unauthorized third party accessed Substack's systems and harvested user data, reportedly through a scraping attack against the platform's API. The flaw was subsequently fixed.
A threat actor using the alias "w1kkid" posted the data on BreachForums, uploading a CSV file containing approximately 697,313 user records. Substack formally notified affected users on 6 February 2026, with CEO Chris Best apologizing for the incident and the roughly five-month gap between the breach and its discovery.
Exposed data included:
- Names and email addresses
- Phone numbers
- User IDs and Stripe IDs (used by paid creators)
- Profile pictures and biographies
- Account creation dates and social media handles
Substack confirmed that passwords, credit card numbers, and other financial information were not compromised. The company said it had patched the underlying issue and opened an investigation; the incident is considered contained.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-03-substack
- techcrunch.comhttps://techcrunch.com/2026/02/05/substack-confirms-data-breach-affecting-email-addresses-and-phone-numbers/
- csoonline.comhttps://www.csoonline.com/article/4128287/substack-data-breach-leaks-users-email-addresses-and-phone-numbers.html
- haveibeenpwned.comhttps://haveibeenpwned.com/Breach/Substack