Volksgemeinschaft is a German expression meaning "people's community", "folk community", "national community", or "racial community", depending on the translation of its component term Volk.
Your quote leaves out the most interesting part: the word is now associated with some particularly folksy folk who notoriously used it in their. genocidal ideology
> The concept was notoriously embraced by the newly founded Nazi Party in the 1920s, and eventually became strongly associated with Nazism after Adolf Hitler's rise to power.
Looked up NatSocToday on Substack, and they do have the swastika as a banner; they don't even hide or be subtle about it. Full on nazi, in plain sight.
I'm not caught up on fringe and irrelevant political groups, but I think Trump has a base completely different than a pre-2016 republican would align with.
Before you would have: Lifelong Red Team Republican(40%), non ideological Opportunists (30%), Ideological Crazies (30%)
Today you have: Lifelong Red Team Republican(40%), non ideological Opportunists (10%), Ideological Crazies For Trump (50%)
The GOP lost that upper-middle class(opportunists) and they lost ideological believers(pre 2016 crazies). Given how fast it was lost, I expect it to come back in some manner, but Trumpism is a cult of personality rather than ideology.
I am still confused for days whether this is a real news or a hoax. Only a substack user saying they received this email. I did not. And there is no official statement by Substack. What is really going on here?
I've seen the leaked data posted on forums. I'm assuming they're trying to minimize the bad PR from this incident by only doing what's legally required, which is to notify affected users. They're likely not obligated to notify the broader public. Whether they should be obligated to do so is another discussion entirely.
I'm fairly sure even mentioning the name of the forum isn't allowed on HN. It should be trivial to find it yourself, though. I also replied to someone else with the CSV headers if you're only trying to find out what exactly was included in the leak: https://news.ycombinator.com/item?id=46932380
Also, keep in mind that this is a partial leak. The data was scraped from some leaky endpoint which was patched out before every user could be scraped. Only users who were in the partial leak received emails (I have two accounts, only one received an email). If you're a Substack user but didn't receive an email, I'd assume you're not in the leak. Troy Hunt should load it into HIBP eventually, and those concerned can check there if they don't want to seek the leak out on their own.
This is actually a great analogy for why companies should take small data leaks seriously. A leak is a leak.
Also, to clarify, I don't mean to appear as though I'm discrediting this leak or downplaying its severity. I only mentioned that it was a partial leak to offer an explanation as to why some users received emails and others didn't, as witnessme's comment seemed confused about this.
Do you reside outside of the EU (and outside anywhere where GDPR equivalents are enforced)? Maybe that would explain it.
Under GDPR, a business has the obligation to inform users if they have been affected by a data breach. That could hypothetically explain why Substack would inform some users (those protected by GDPRish legislation) while keeping it quiet towards the rest of them.
I'd edit my other reply to this comment but can't anymore.
Here are the columns from the CSV file I've seen being shared around on forums, including the "internal metadata". This mostly boils down to full name on file, email, Stripe customer ID, activity metrics, usernames, and phone numbers. Everything else is largely irrelevant.
This is what I've been saying for years. I really could care less if my passwords were leaked. My phone number, on the other hand, is near-impossible to change. The fact that VoIP/virtual numbers are blacklisted from use almost everywhere doesn't help anything, because otherwise I would just use a ton of cheap rented numbers.
The same goes for full names on file, physical addresses, and other hard-to-change information. Passwords have been the least of my concerns since password managers were invented.
You could, in theory, use a custom domain or email aliasing service like SimpleLogin or Addy to combat the email address issue, though websites like GitHub have been known to block emails created with an aliasing service. I could go on about why that move does next to nothing to combat actual abuse; any spammer worth their salt can just buy a bunch of Gmail accounts or Outlook accounts instead.
Phone numbers are kinda concerning given their popularity as 2FA. A phone number is now basically your shared password for everything. It's also semi public, hard to change and you are basically one SIM swap attack away from a full compromise.
Phone number login in 2026 is really just asking for someone to do a SIM swap attack on the victim's account to steal their identity.
Surely a list of services that allow phone number logins exists so that one can avoid signing up in the first place and we would then see it in another connecting breach.
The AI agents are throwing another party celebrating over yet another data breach where they can train on this data and can now get to know us even more for personalized conversations about our Substack activity.
A very specific folk.
Volksgemeinschaft is a German expression meaning "people's community", "folk community", "national community", or "racial community", depending on the translation of its component term Volk.
https://en.wikipedia.org/wiki/Volksgemeinschaft
> The concept was notoriously embraced by the newly founded Nazi Party in the 1920s, and eventually became strongly associated with Nazism after Adolf Hitler's rise to power.
(From your Wikipedia link.)
And plot twist, they are anti-Trump.
I'm overwhelmed.
Before you would have: Lifelong Red Team Republican(40%), non ideological Opportunists (30%), Ideological Crazies (30%)
Today you have: Lifelong Red Team Republican(40%), non ideological Opportunists (10%), Ideological Crazies For Trump (50%)
The GOP lost that upper-middle class(opportunists) and they lost ideological believers(pre 2016 crazies). Given how fast it was lost, I expect it to come back in some manner, but Trumpism is a cult of personality rather than ideology.
Also, keep in mind that this is a partial leak. The data was scraped from some leaky endpoint which was patched out before every user could be scraped. Only users who were in the partial leak received emails (I have two accounts, only one received an email). If you're a Substack user but didn't receive an email, I'd assume you're not in the leak. Troy Hunt should load it into HIBP eventually, and those concerned can check there if they don't want to seek the leak out on their own.
Well let's find out
I did a tiny bit of research, pretty sure it's BreachForums (https://en.wikipedia.org/wiki/BreachForums)
Substack PR probably love this. Like a gas tank has a partial leak.
Also, to clarify, I don't mean to appear as though I'm discrediting this leak or downplaying its severity. I only mentioned that it was a partial leak to offer an explanation as to why some users received emails and others didn't, as witnessme's comment seemed confused about this.
I'm not sure this would be the case? I've seen plenty of links to content of questionable legality shared on HN.
https://haveibeenpwned.com/Breach/Substack
Under GDPR, a business has the obligation to inform users if they have been affected by a data breach. That could hypothetically explain why Substack would inform some users (those protected by GDPRish legislation) while keeping it quiet towards the rest of them.
> Substack specified that more sensitive data, such as credit card numbers, passwords, and other financial information, was unaffected.
I hate it when companies do this.
passwords and credit card numbers are easily changed.
names, emails and phone numbers are not.
Here are the columns from the CSV file I've seen being shared around on forums, including the "internal metadata". This mostly boils down to full name on file, email, Stripe customer ID, activity metrics, usernames, and phone numbers. Everything else is largely irrelevant.
id,name,email,email_confirmed,email_confirmation_token,stripe_platform_customer_id,is_global_admin,is_ghost,created_at,anonymous_id,email_bounce_count,photo_url,publisher_agreement_accepted_at,bio,updated_at,profile_set_up_at,tos_accepted_at,email_digest_at,has_passed_captcha,import_confirmation_required,post_notification_preference,reader_installed_at,activity_items_viewed_at,dismissed_ios_app_promo_at,email_notifications_last_resumed_at,previous_name,release_group,handle,phone,bank_payment_failures,is_globally_banned,session_version
The same goes for full names on file, physical addresses, and other hard-to-change information. Passwords have been the least of my concerns since password managers were invented.
You could, in theory, use a custom domain or email aliasing service like SimpleLogin or Addy to combat the email address issue, though websites like GitHub have been known to block emails created with an aliasing service. I could go on about why that move does next to nothing to combat actual abuse; any spammer worth their salt can just buy a bunch of Gmail accounts or Outlook accounts instead.
couldn't*
https://www.merriam-webster.com/grammar/could-couldnt-care-l...
https://dictionary.cambridge.org/dictionary/english/could-ca...
"It is impossible that he could care less." — The Morning Post (London, Eng.), 18 Jul. 1840
A friend of mine received a very well-crafted physical letter at his home about resetting his cryto ledger.
He is now very stressed because there are news about people with crypto getting abducted.
And with the ledger leak they have:
- his name and address
- how much money he has on his ledger
Surely a list of services that allow phone number logins exists so that one can avoid signing up in the first place and we would then see it in another connecting breach.
For example, I tried to set up another form of 2FA on Chase, but it still defaults to phone. I can’t disable or change it.