by witnessme 139 days ago
I am still confused for days whether this is real news or a hoax. Only a Substack user saying they received this email. I did not. And there is no official statement by Substack. What is really going on here?
6 comments

I've seen the leaked data posted on forums. I'm assuming they're trying to minimize the bad PR from this incident by only doing what's legally required, which is to notify affected users. They're likely not obligated to notify the broader public. Whether they should be obligated to do so is another discussion entirely.
Could you please tell me which forum this was posted on
I'm fairly sure even mentioning the name of the forum isn't allowed on HN. It should be trivial to find it yourself, though. I also replied to someone else with the CSV headers if you're only trying to find out what exactly was included in the leak: https://news.ycombinator.com/item?id=46932380

Also, keep in mind that this is a partial leak. The data was scraped from some leaky endpoint which was patched out before every user could be scraped. Only users who were in the partial leak received emails (I have two accounts, only one received an email). If you're a Substack user but didn't receive an email, I'd assume you're not in the leak. Troy Hunt should load it into HIBP eventually, and those concerned can check there if they don't want to seek the leak out on their own.
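For readers who would rather query HIBP programmatically than browse it, here is an added example (not code from the thread or from HIBP) of checking an address against the breached-account endpoint of the HIBP v3 API. It assumes the documented endpoint shape: a `hibp-api-key` header, a `user-agent` header, HTTP 404 when the address is in no breach, and a JSON array of breach objects with a `Name` field otherwise. The API key is a placeholder you must supply, and the sample response below is constructed so the parsing runs offline.

```python
"""Check whether an email address appears in a HIBP-listed breach (added example)."""
import json
import urllib.error
import urllib.parse
import urllib.request
from typing import List, Optional

# Documented HIBP v3 endpoint; the default (truncated) response carries only breach names.
HIBP_API = "https://haveibeenpwned.com/api/v3/breachedaccount/"


def parse_breach_names(body: str) -> List[str]:
    """Return the sorted breach names from a HIBP breachedaccount JSON body."""
    data = json.loads(body)
    return sorted(item["Name"] for item in data)


def account_in_breach(body: Optional[str], breach_name: str) -> bool:
    """True if the named breach is in the response; a None body stands for HTTP 404 (no breaches)."""
    if body is None:
        return False
    return breach_name in parse_breach_names(body)


def fetch_breaches(email: str, api_key: str, timeout: float = 10.0) -> Optional[str]:
    """Query HIBP for an address. Returns the JSON body, or None when HIBP answers 404."""
    url = HIBP_API + urllib.parse.quote(email, safe="")
    req = urllib.request.Request(
        url,
        headers={"hibp-api-key": api_key, "user-agent": "hibp-check-example"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None  # address not found in any breach
        raise  # 401 (bad key), 429 (rate limit) and others surface to the caller


# Constructed sample response (not real HIBP data) so the parser can be exercised offline.
SAMPLE_BODY = json.dumps([{"Name": "Substack"}, {"Name": "ExampleBreach"}])

if __name__ == "__main__":
    # Offline demonstration; replace with fetch_breaches("you@example.com", "YOUR_API_KEY_PLACEHOLDER")
    print(account_in_breach(SAMPLE_BODY, "Substack"))
```

Only the lookup itself needs the network; keeping response parsing in its own function lets you unit-test the 404 and non-404 paths without a key.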

>I'm fairly sure even mentioning the name of the forum isn't allowed on HN

Well let's find out

I did a tiny bit of research, pretty sure it's BreachForums (https://en.wikipedia.org/wiki/BreachForums)

BreachForums was shut down
Seems like every time it gets shut down it starts right back up again

This source claims it's Breach forums but no idea if it's reliable

https://www.bleepingcomputer.com/news/security/newsletter-pl...

> this is a partial leak.

Substack PR probably love this. Like a gas tank has a partial leak.

This is actually a great analogy for why companies should take small data leaks seriously. A leak is a leak.

Also, to clarify, I don't mean to appear as though I'm discrediting this leak or downplaying its severity. I only mentioned that it was a partial leak to offer an explanation as to why some users received emails and others didn't, as witnessme's comment seemed confused about this.

> I'm fairly sure even mentioning the name of the forum isn't allowed on HN.

I'm not sure this would be the case? I've seen plenty of links to content of questionable legality shared on HN.

According to Have I Been Pwned, 663 thousand accounts were in the breach. You can verify your address there.
It recently popped up on the HIBP feed; they tend to be pretty careful when checking the veracity of claims.

https://haveibeenpwned.com/Breach/Substack

I don't think it's fake - it explains why suddenly I got a ton of "verify your registration to XYZ" emails in the past week.
Do you reside outside of the EU (and outside anywhere where GDPR equivalents are enforced)? Maybe that would explain it.

Under GDPR, a business has the obligation to inform users if they have been affected by a data breach. That could hypothetically explain why Substack would inform some users (those protected by GDPRish legislation) while keeping it quiet towards the rest of them.

It's real, I have the leak.