Substack Confirms Data Breach Compromising User Contact Information

San Francisco, CA – February 5, 2026 – Substack, the rapidly growing platform for independent writers and newsletters, has officially acknowledged a data breach that has led to the unauthorized access and potential exposure of sensitive user information. According to a report by TechCrunch, the breach specifically compromised the email addresses and phone numbers of Substack users.

The extent of the breach and the exact number of affected users are still being assessed, but the confirmation from Substack itself marks a significant development for the company and its millions of subscribers. This incident underscores the persistent challenges faced by online platforms in safeguarding user data against increasingly sophisticated cyber threats.

While details regarding the specific methods used by attackers remain scarce, the revelation that contact information has been compromised is a cause for concern. Email addresses and phone numbers are foundational elements of online identity and can be exploited for various malicious purposes, including phishing attacks, identity theft, and unsolicited communications. Users are often targeted through these channels with fraudulent schemes designed to extract further personal or financial information.

Substack has not yet released a detailed statement outlining the steps it is taking to mitigate the impact of the breach or to inform affected users directly. However, in such situations, best practices typically involve immediate security enhancements, thorough forensic analysis to understand the attack vector, and transparent communication with the user community. The company's response will be closely watched by its users and the wider tech industry.

The news has already begun to circulate within online communities, with discussions appearing on platforms like Hacker News. Users are expressing a range of reactions, from concern and frustration to calls for greater accountability from technology companies regarding data security. The points and comments generated on these forums highlight the public's heightened awareness and sensitivity to data privacy issues.

This incident serves as a stark reminder that even established platforms are not immune to cyberattacks. The reliance on digital infrastructure for communication and information sharing necessitates robust security measures and a proactive approach to threat detection and prevention. For Substack users, this breach may prompt a re-evaluation of the personal information they share online and the security practices of the platforms they utilize.

Further updates are expected as Substack investigates the incident and provides more information to its user base. In the meantime, users are advised to remain vigilant against potential phishing attempts and to review their account security settings across all online services.

This report is based on information provided by TechCrunch.