Sad that the first time I hear about it is in a Substack article, rather than a communication from Substack as a user.
That may indicate that your account was not among those affected.
700,000 users had their data accessed, and Substack has 35 million+ users total.
Good idea to implement these practices now across all websites you use, just in case.
really quick to jump on this! solid advice without the fud. nice stuff!
I posted this in a comment to someone else yesterday. First, there is an article on the breach which tells more than the Substack Breach Notification does.
Substack Data Breach Leads to Leak of Nearly 700,000 Records
https://www.hendryadrian.com/substack-data-breach-leads-to-leak-of-nearly-700000-records/
Note that the article lists more personal data leaked than the Notification shows:
"Leaked fields include full names, email addresses, phone numbers, user IDs, Stripe IDs, profile pictures, biographies, account creation dates, and social media handles."
I'm not concerned about names, email addresses, profile pictures (mine is of Thanos!), biographies, account creation dates, social media handles (although those could be misused) or phone numbers. I don't use Stripe as yet, so that doesn't apply.
What I'm not clear about is "user IDs" - which the Notification does not mention. WHAT "user IDs?" Substack's internal IDs? Substack should clear that up.
All good points!
I just reached out to the Substack team for clarification.
Will let you know what I find out.
I bet it was the Hackers who hacked us. They are Super Bowl Champions when it comes to Hacking.
1337 h4x0r5
y3$ 7h3y 4r3 7h3 r34| h4x0rz.