Write 2 sentences summarizing the content. At the end, add hashtags for specific keywords mentioned in the article—such as names of malware, threat actors, or affected organizations/systems. Avoid general terms like #malware, #ransomware, or #cybersecurity. Use this format: #Keyword1 #Keyword2
Substack confirmed an unauthorized third party accessed limited user data, including email addresses, phone numbers and other metadata, in a breach discovered on February 3; the company says the exposed records date back to October 2025. CEO Chris Best said the vulnerability has been fixed and an investigation is underway while claims that about 700,000 users were affected remain unverified. #Substack #ChrisBest
Keypoints
- Unauthorized access exposed emails, phone numbers, names, user IDs, Stripe IDs, profile pictures and bios.
- Substack discovered the issue on February 3 and says the stolen data dates back to October 2025.
- Credit card numbers, passwords and other financial data were not leaked.
- An unidentified hacker claimed about 700,000 users were affected, but the size and scope are unconfirmed.
- Substack says it has fixed the vulnerability, is conducting a full investigation, and warned users to watch for phishing texts and emails.
Read More: https://therecord.media/substack-data-breach-notification