Substack 確認資料外洩，影響使用者電子郵件地址與電話號碼

Topics

Latest

AI

Amazon

Apps

Biotech & Health

Climate

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

Fundraising

Gadgets

Gaming

Google

Government & Policy

Hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

Social

Space

Startups

TikTok

Transportation

Venture

More from TechCrunch

Staff

Events

Startup Battlefield

StrictlyVC

Newsletters

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

Substack confirms data breach affects users’ email addresses and phone numbers

Newsletter platform Substack has confirmed a data breach in an email to users. The company said that in October, an “unauthorized third party” accessed user data, including email addresses, phone numbers, and other unspecified “internal metadata.”

Substack specified that more sensitive data, such as credit card numbers, passwords, and other financial information, was unaffected.

In an email sent to users, Substack chief executive Chris Best said that the company identified the issue in February that allowed someone to access its systems. Best said that the company has fixed the problem and started an investigation.

“I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission,” said Best in the email to users. “I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.”

It’s not clear what exactly the issue was with its systems, and the scope of the data that was accessed. It’s also not yet known why the company took five months to detect the breach, or if the company was contacted by hackers demanding a ransom. TechCrunch asked the company for more details, and we will update our story if we hear back.

Substack did not say how many users are affected. The company said that it doesn’t have any evidence that users’ data is being misused, but did not say what technical means, such as logs, it has to detect evidence of abuse. However, the company asked users to take caution with emails and texts without any particular indicators or direction.

On its website, Substack says that its site has more than 50 million active subscriptions, including 5 million paid subscriptions — a milestone it reached last March. In July 2025, the company raised $100 million in Series C funding led by BOND and The Chernin Group (TCG) with participation from a16z, Klutch Sports Group CEO Rich Paul, and Skims co-founder Jens Grede.

TechCrunch Founder Summit 2026: Tickets Live

TechCrunch Founder Summit: Tickets Live