Skip to content
Cyber Breaches
Search
Data breachResolved

Substack data breach (2025)

In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as…

Victim
Substack
records
663.1K
SectorMedia

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2025-10-23, Substack was affected by a data breach. Approximately 663,121 accounts were exposed. In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as…

Sources

  1. haveibeenpwned.comhttps://haveibeenpwned.com/PwnedWebsites#Substack
  2. substack.comhttps://substack.com

Related incidents

Data breachContained

697,313 Substack records exposed in data leak

Substack disclosed in February 2026 that an unauthorized third party scraped its systems, exposing roughly 697,313 user records including email addresses, phone numbers, names, user and Stripe IDs, and profile metadata; passwords and financial data were not affected.

Victim
Substack
Records
697.3K
Data breachResolved

Pass'Sport data breach (2025)

In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households.

Victim
Pass'Sport
Records
6.4M
Data breachResolved

APOIA.se data breach (2025)

In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.

Victim
APOIA.se
Records
450.8K
Data breachResolved

Under Armour data breach (2025)

In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses.

Victim
Under Armour
Records
72.7M