Substack Breach: 663K Accounts Exposed
In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publicatio...
Overview
In October 2025, the popular newsletter platform Substack experienced a significant data breach. The compromised information was later distributed more widely in February 2026, increasing the risk to affected users. This incident impacted over 663,000 account holders. While Substack is designed for public writing, the breach extracted and concentrated personal account details, moving them from a controlled platform into the hands of cybercriminals. This matters because your exposed data can now be used for targeted scams and identity theft attempts.
What Was Exposed
The breach exposed a core set of personal information linked to Substack accounts. Every affected record included the user’s email address and name. Additionally, the data contained publicly visible profile information, such as the names of publications you run or follow and your profile biography. Most concerningly, for a subset of users, phone numbers were also included in the leaked data. This combination creates a detailed profile that can be used against you.
Potential Impact
The severity of this breach is HIGH due to the nature of the combined data. With your email, name, and knowledge of your Substack interests, attackers can craft highly convincing phishing emails and smishing (SMS phishing) texts. These messages may appear to come from Substack itself or other services you use, tricking you into revealing passwords or financial information. The inclusion of phone numbers for some users significantly increases the risk of harassment, targeted scams, and account takeover attempts via SIM-swapping. Furthermore, this data can be cross-referenced with other breaches, building a more complete picture for identity theft.
Recommendations
Take these steps immediately to protect yourself:
- Change Your Substack Password: Immediately update your Substack password to a new, strong, and unique one. Do not reuse this password on any other website.
- Enable Multi-Factor Authentication (MFA): If Substack offers MFA (sometimes called two-factor authentication), enable it now. This adds a critical layer of security beyond just a password.
- Beware of Targeted Phishing: Be extremely cautious of emails or text messages that reference Substack, your publication, or seem to know your interests. Do not click on links or provide login details. Always navigate to websites directly by typing the URL.
- Monitor for SMS Scams: If your phone number was exposed, be skeptical of unsolicited texts, even if they appear to come from legitimate organizations.
- Consider a Password Manager: Using a password manager helps you create and store a unique, strong password for every online account, preventing a breach on one site from compromising others.
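The phishing caution above can also be applied as a mail-triage check. The following is an added example, not code from Substack or Have I Been Pwned: it flags messages that invoke the Substack name but whose sender or links fall outside substack.com. The trusted-domain list and both sample messages are constructed assumptions; publications on custom domains would have to be added to the list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: only substack.com and its subdomains are treated as genuine.
TRUSTED = ("substack.com",)
BRAND = re.compile(r"substack", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_trusted(host):
    """Exact or dot-boundary suffix match, so 'substack.com.evil.example' fails."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return the reasons a message that uses the Substack name looks spoofed."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # single-part text messages only
    if not BRAND.search(display + msg.get("Subject", "") + body):
        return []  # does not reference Substack, out of scope for this check
    reasons = []
    sender_host = addr.rpartition("@")[2]
    if not is_trusted(sender_host):
        reasons.append(f"sender domain {sender_host!r} is not substack.com")
    for url in URL.findall(body):
        # urlsplit drops any 'user@' prefix, exposing the real host
        host = urlsplit(url).hostname
        if not is_trusted(host):
            reasons.append(f"link points to {host!r}")
    return reasons

# Constructed sample messages (not taken from the breach or from real mail).
PHISH = (
    "From: Substack Support <security@substack-accounts.example>\n"
    "Subject: Confirm your publication\n\n"
    "Sign in at https://substack.com.login-check.example/reset\n"
    "or https://substack.com@verify.example/a\n"
)
LEGIT = (
    "From: Substack <no-reply@substack.com>\n"
    "Subject: New post\n\n"
    "Read it at https://example-writer.substack.com/p/post\n"
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(raw))
```

The From header is trivially forged, so a clean result here does not prove a message is genuine; it only removes the obvious lookalikes.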
How to Check If You’re Affected
The breach has been reported to the free service Have I Been Pwned. To check if your data was compromised:
- Visit https://haveibeenpwned.com
- Enter your primary email address into the search bar.
- The service will show if your email appears in the Substack breach and others.
You can also directly view the breach notification at: https://haveibeenpwned.com/Breach/Substack. If you are notified that you were affected, please follow the recommendations above.