Substack Data Breach

October 22, 2025 · 663,121 records · moderate risk

0 /100

Gravity Score

Low

Calculated based on the types of data exposed (2 categories) and the volume of affected records (663,121).

In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.

Exposed data

Email addresses Phone numbers

Affected website

substack.com

What to do now

🛡️Enable two-factor authentication (2FA) on all accounts that support it 📱Watch out for phishing attempts via SMS and suspicious calls 📧Stay alert for phishing emails that may look legitimate using information from this breach 🔍Use a password manager to create unique, strong passwords for every service

What can we learn from this breach?

Breaches like this offer valuable lessons for the entire industry. Some security practices that help protect data at scale include: encrypting sensitive personal data at rest with properly managed encryption keys; segmenting and isolating databases so that a single breach doesn't expose all records; conducting regular security audits and penetration testing; implementing real-time intrusion detection and incident response plans. Information security is an ongoing process, and each incident reinforces the importance of investing in data protection.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Canadian Tire

Oct 1, 2025 38,306,562 records high risk

2 data types in common

CarGurus

Feb 13, 2026 12,461,887 records moderate risk

2 data types in common

← All breaches