In a disclosure that raises fresh concerns around platform security, Substack has confirmed a data breach that exposed certain user details. The company informed users via email that an “unauthorized third party” accessed its systems in October last year.
According to Substack, the compromised data includes email addresses, phone numbers, and other internal metadata linked to user accounts. The company stressed that sensitive information such as credit card details and passwords was not impacted by the incident.
Substack CEO Chris Best addressed the breach in an email sent to users, stating that a system vulnerability was identified in February. The flaw allowed unauthorized access to user information over an extended period.
“I am reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission,” Best wrote.
Best said the company has since fixed the vulnerability and launched an internal investigation to understand how the breach occurred. He apologised to users for the lapse, saying, “I’m incredibly sorry this happened.” He also acknowledged shortcomings in the company’s safeguards, adding they “came up short here.”
While Substack has confirmed that corrective steps have been taken, it has not provided details on the specific nature of the vulnerability or explained how the issue went undetected for nearly 5 months.
The company has also not disclosed the number of users affected by the breach. Substack said it has no evidence that the exposed data has been misused, but it did not outline the technical methods used to monitor or detect potential abuse.
Following the incident, Substack has advised users to remain cautious about unexpected emails and text messages. The company did not provide specific indicators for identifying phishing attempts but urged users to stay alert in the aftermath of the breach.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
