Substack
US·substack.com
Breach Detected
1 breach found for this domain
Policy Issues
5The company claims no automated decision-making or profiling, but explicitly states it uses profiling to suggest content.contradiction
The company does not claim universal data encryption and explicitly states that direct messages are not end-to-end encrypted.contradiction
The company claims not to share data with third parties at all, but explicitly lists sharing with service providers for operational purposes.tension
The company claims not to share data with third parties at all, but the policy indicates involvement in or facilitation of interest-based advertising, which typically involves sharing with advertisers or ad networks.contradiction
The company claims not to share data with third parties at all, but explicitly lists sharing with a broad range of third parties including affiliates, creators, service providers, other data controllers, other users, prospective buyers/sellers, and government authorities.contradiction
Breach History
Substack
October 23, 2025
663.1K
Records exposed
2
Data types leaked
Verified
Breach status
In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.
Exposed Data Types
Email addressesPhone numbers