Substack

substack.com

665,183
Exposed Records
Oct 2025
Breach Date
9 months ago
Unknown
Password Risk
News Media industry
News Media
Industry
Added to XposedOrNot on February 7, 2026 · #461 of 763 breaches by records exposed

About This Breach

Substack, a publishing and newsletter platform, suffered a data breach in October 2025 that was later circulated more widely in February 2026. The breach exposed 665k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios.

Data Exposed

Email addresses
Phone numbers

Breach Details

Breach Type Data Breach
Searchable Yes
Verified Yes
Sensitive Data No
Reference No reference available

Frequently Asked Questions

When did the Substack data breach happen?

Substack was breached in Oct 2025. The breach was added to the XposedOrNot index on February 7, 2026.

How many records were exposed in the Substack breach?

665,183 records were exposed, making it the #461 largest of the 763 breaches in our index.

What data was exposed in the Substack breach?

The exposed data includes: Email addresses, Phone numbers.

What should I do if I was affected by the Substack breach?

Change your password on the affected service (and anywhere you reused it), turn on two-factor authentication, and set up free breach alerts on XposedOrNot so you know the moment your email appears in a new breach.

What Should You Do?

High Priority

Enable Two-Factor Authentication

Add 2FA on all supported accounts using an authenticator app like Google Authenticator or Authy.

Recommended

Watch for Phishing Calls & SMS

Be cautious of unexpected calls or texts asking for personal information.

Recommended

Monitor Your Accounts

Set up login alerts and review account activity regularly for suspicious access.