Signal

Substack notifies users after breach exposed emails and phone numbers

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-02-05 12:54 UTCUpdated 2026-02-05 19:54 UTC

rss

breachdata_exposureaccount_securityuser_notificationincident_disclosuredark_web_claims

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Substack says intruder lifted emails, phone numbers in months-old breach

The Register Security · News · go.theregister.com · 2026-02-05 19:54 UTC

Substack Discloses Security Incident After Hacker Leaks Data

SecurityWeek · News · securityweek.com · 2026-02-05 15:13 UTC

Substack warns customers of data breach following hacker’s dark web claims

The Record (Recorded Future News) · News · therecord.media · 2026-02-05 14:59 UTC

Newsletter platform Substack notifies users of data breach

bleepingcomputer_all · News · bleepingcomputer.com · 2026-02-05 12:54 UTC

View all evidence

Overview

Substack is notifying users about a security incident involving unauthorized access to user contact details. Multiple reports describe attackers accessing or stealing email addresses and phone numbers, with the incident tied to activity in October 2025 and later disclosure after claims of stolen data surfaced online.

Entities

Substack

Score total

1.47

Momentum 24h

4

Posts

4

Origins

4

Source types

1

Duplicate ratio

0%

Why now

Substack is issuing breach notifications to users now
Reports cite hacker leak/dark web claims as a trigger for disclosure
Incident details are being consolidated across multiple outlets

Why it matters

Exposed emails/phone numbers can enable targeted phishing and account takeover attempts
Delayed detection increases uncertainty about scope and downstream misuse
Public leak claims can accelerate fraud attempts against users and creators

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Substack notified users of a breach involving stolen or accessed email addresses and phone numbers.
Reporting links the notification to a hacker’s claims about stolen Substack data posted on the dark web.

How sources frame it

BleepingComputer: neutral
The Register: neutral
The Record: neutral
SecurityWeek: neutral

All evidence

All evidence

Substack says intruder lifted emails, phone numbers in months-old breach

The Register Security · go.theregister.com · 2026-02-05 19:54 UTC

Substack Discloses Security Incident After Hacker Leaks Data

SecurityWeek · securityweek.com · 2026-02-05 15:13 UTC

Substack warns customers of data breach following hacker’s dark web claims

The Record (Recorded Future News) · therecord.media · 2026-02-05 14:59 UTC

Newsletter platform Substack notifies users of data breach

bleepingcomputer_all · bleepingcomputer.com · 2026-02-05 12:54 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 4 / 0

Top publishers (this list)

The Register Security (1)
SecurityWeek (1)
The Record (Recorded Future News) (1)
bleepingcomputer_all (1)

Top origin domains (this list)

go.theregister.com (1)
securityweek.com (1)
therecord.media (1)
bleepingcomputer.com (1)