Substack confirms data breach affects users' email addresses and phone numbers
Summary
TechCrunch reports Substack confirmed a data breach exposing user email addresses, phone numbers, and internal metadata, while credit card numbers and passwords were not affected. The incident occurred in October 2025 and was detected in February 2026; the company fixed the issue and started an investigation, with no disclosed figure on affected users or evidence of misuse yet. This underscores data-security risks for newsletter platforms and the need for vigilant monitoring and user awareness against phishing.