NetGalley Discloses Data Security Incident
The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members’ personal information.
On Monday, December 21st, NetGalley’s website was hacked and defaced. After further investigations, it was determined that the threat actors also accessed a backup for the site’s database containing members’ data.
“It is with great regret that we inform you that on Monday, December 21, 2020 NetGalley was the victim of a data security incident. What initially seemed like a simple defacement of our homepage has, with further investigation, resulted in the unauthorized and unlawful access to a backup file of the NetGalley database,” NetGalley disclosed in a data breach advisory.
This backup database included NetGalley members’ personal information, including their login name, password, name, and email address. Other optional information that could have been in the database includes users’ mailing address, birthday, company name, and Kindle email address.
NetGalley states that there was no financial information stored in the database. In response to the breach, NetGalley requires all users to reset their password when they next log in.