NetGalley discloses data breach after website was hacked

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members' personal information.

NetGalley is a website that allows authors and publishers to promote digital review copies of their books (galleys) to book advocates, influential readers, and industry professionals in the hopes that they will recommend the books to their audience.

On Monday, December 21st, NetGalley's website was hacked and defaced. After further investigations, it was determined that the threat actors also accessed a backup for the site's database containing members' data.

"It is with great regret that we inform you that on Monday, December 21, 2020 NetGalley was the victim of a data security incident. What initially seemed like a simple defacement of our homepage has, with further investigation, resulted in the unauthorized and unlawful access to a backup file of the NetGalley database," NetGalley disclosed in a data breach advisory.

This backup database included NetGalley members' personal information, including their login name, password, name, and email address. Other optional information that could have been in the database includes users' mailing address, birthday, company name, and Kindle email address.

NetGalley states that there was no financial information stored in the database. In response to the breach, NetGalley requires all users to reset their password when they next log in.

BleepingComputer has reached out to NetGalley with questions on whether the passwords were hashed in the database but has not heard back.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top