好的,我现在需要帮用户总结一篇文章,控制在100字以内,而且不需要特定的开头。首先,我得仔细阅读文章内容,抓住关键点。 文章讲的是Substack发生了数据泄露事件,黑客声称窃取了70万用户的资料,包括邮箱和电话号码。Substack已经确认了这次 breach,并提到虽然密码和财务信息没有被泄露,但用户的敏感信息还是被盗了。公司是在2月3日发现这个问题的,但实际入侵发生在2025年10月。他们已经修复了系统,并正在调查。 接下来,我需要把这些信息浓缩到100字以内。要突出用户数量、泄露的数据类型、公司回应以及潜在风险。可能还要提到用户需要注意可疑信息。 现在组织语言:Substack确认数据泄露,70万用户受影响,泄露邮箱、电话和内部元数据。虽然密码和财务数据安全,但这些信息在当前网络安全环境下仍然敏感。公司已修复问题并展开调查。 这样应该符合要求了。 </think> Substack确认发生数据泄露事件,约70万名用户受影响,涉及电子邮件地址、电话号码及内部元数据。尽管密码和财务信息未被泄露,但敏感数据仍可能引发安全风险。公司已修复系统漏洞并展开调查。 2026-2-5 20:23:22 Author: securityaffairs.com(查看原文) 阅读量:0 收藏
Hacker claims theft of data from 700,000 Substack users; Company confirms breach
Pierluigi Paganini
February 05, 2026
Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including email addresses and phone numbers.
Substack is an online platform for publishing email‑based newsletters and blogs, with built‑in paid subscriptions and basic analytics. It’s free to start; creators pay a fee on paid plans. In 2026 it’s estimated to serve tens of thousands of writers and over 35 million active readers worldwide.
Substack disclosed a security incident affecting email addresses, phone numbers, and internal metadata. The company discovered the security breach on February 3rd, 2026, but the incident occurred in October 2025. According to the message sent by CEO Chris Best to the impacted individuals, passwords and financial data were not exposed.
“I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission.” reads the message sent to the impacted individuals. “On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.“
— Arvid Kahl (@arvidkahl) February 5, 2026The issue with data breach notifications like this one from Substack (just now!) is that financial data and passwords are listed as 'not leaked.'
Great, now there's just a list of emails paired with phone numbers.
In a world of 2FA & SIM swaps, email + phone IS critical data. pic.twitter.com/SUtK7h7qvM
On a cybercrime forum a threat actor claimed to have stolen nearly 700,000 records from the company, including names and contacts.
The company launched an investigation into the security breach and took steps to enhance the security of its infrastructure.
“We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.” concludes the message. “What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.”
There is no evidence of misuse so far, but users are advised to stay alert and be cautious of any suspicious emails or text messages.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
如有侵权请联系:admin#unsafe.sh