When We Trust No One: Did Substack REALLY Say It Was Breached?

When you’ve been around long enough, zero trust is an attitude, not a technology. Which is how I reacted when I received an email from Substack yesterday and questioned whether it was REALLY from Substack.

Yes, the email came from “Substack Standards & Enforcement” at security@substack.com, but such emails can be faked, and a few months ago I received an email processed by Substack’s servers that was NOT sent by the Substack account owner.

So last night I went to Substack’s own Substack account @substack to see what it said about the matter.

At the time…nothing.

From “When We Trust No One: Did Substack REALLY Say It Was Breached?” in the Bredemarket blog.

https://bredemarket.com/2026/02/05/when-we-trust-no-one-did-substack-really-say-it-was-breached/