(Credit: Thomas Fuller/SOPA Images/LightRocket via Getty Images)
Popular newsletter platform Substack is the latest company to confirm it experienced a security incident, in which users' email addresses and phone numbers were exposed.
According to an email sent to some Substack users, and first reported by The Verge, the brand's CEO says internal data was accessed by an unauthorized third party in October. Substack identified the issue earlier this week and notified affected users within two days of discovery.
If you’re impacted, you’ll hear directly from Substack by email. It says the exposed information included email addresses, phone numbers, and “other internal metadata" related to those users. It says it has found no evidence that the information is being used.
Substack also says all credit card information, passwords, and financial details remain secure.
Substack's CEO, Chris Best, says in the email, “I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.” He also shares that Substack is conducting an investigation to identify steps to improve its systems going forward.
He ends the email with “This sucks. I’m sorry. We will work very hard to make sure it does not happen again.”
This doesn’t appear to affect all Substack users, with two different PCMag reporters who read newsletters on Substack saying they haven't been notified of the data breach. Many online who say they've received the notification are writers for the platform, so it may disproportionately impact those who own newsletters on Substack.
The brand has yet to share how many users are affected or why some are when others aren't. Even if you don't get an email from Substack, be careful with any messages sent to your email or phone number if you've previously shared your contact information with the newsletter platform.