🚨Cyberattack Alert ‼️
🇺🇸US - Substack
Substack disclosed a data breach after an unauthorized party accessed its internal systems in October 2025.
The incident was detected on February 3, 2026, exposing limited user data such as email addresses, phone numbers, and internal metadata. The company did not disclose the root cause or the number of affected users.
Separately, on February 2, 2026, Hackmanac observed a threat actor using the alias “w1kkid” claiming to have leaked nearly 700,000 records allegedly linked to Substack.
In the underground forum post, the actor stated the breach occurred in late 2025, a timeline that aligns with Substack’s disclosure of unauthorized access in October 2025.
Sector: News / Multimedia
Threat class: Cybercrime
Status: Confirmed
Source: https://t.co/rVA4m4Am03
For more details about this incident, our ESIX impact score, and additional context, visit https://t.co/eB7qgxKFAa.