[AI Minor News Flash] Substack Data Breach! Email Addresses and Phone Numbers Exposed, 5-Month Gap Before Discovery
📰 News Overview
- Newsletter platform Substack has acknowledged unauthorized access and a data breach by an external third party.
- The breach, which occurred in October 2025, went undetected until February 2026, leading to a staggering 5-month delay.
- While the platform boasts over 50 million subscriptions, the exact number of affected users has not been disclosed.
💡 Key Points
- The leaked data includes user email addresses, phone numbers, and specific internal metadata.
- It has been confirmed that credit card numbers, passwords, and other financial information were not part of this breach.
- CEO Chris Best sent out an apology email to users, reporting on the issue’s rectification and the commencement of an investigation.
🦈 Shark’s Eye (Curator’s Perspective)
The lag in detecting the intrusion from October until February highlights significant challenges in their security framework! It’s fortunate that passwords and payment information remain intact, but the combo of email addresses and phone numbers poses a high risk for phishing attacks, so users need to stay vigilant. Given Substack’s rapid growth with over 50 million subscribers and $100 million in funding, they must ensure transparency in their investigative reporting to regain trust!
🚀 What’s Next?
In-depth investigations are expected to reveal the actual number of victims and the root causes of the vulnerabilities. While Substack claims no evidence of exploitation through logs, they urge users to be cautious of unexpected communications, emphasizing the need for enhanced monitoring protocols.
💬 A Word from Your Shark Friend
The ocean of data is always fraught with danger! Even if passwords are safe, if your email leaks, don’t bite on those suspicious emails! 🦈🔥