Book Promotion Site NetGalley Disclosed Data Breach Following Website Defacement

The book promotion platform NetGalley has recently suffered a data breach. The site was defaced, and during the incident the attackers also gained access to the site’s database.

NetGalley Suffered Data Breach

In a recent security notice, NetGalley elaborated on the details of the cyber attack.

As revealed, the website suffered a defacement attack on December 21, 2020. Upon investigating the matter, NetGalley discovered a data breach as well.

“What initially seemed like a simple defacement of our homepage has, with further investigation, resulted in the unauthorized and unlawful access to a backup file of the NetGalley database.”

This backup file contained customers’ personal information. Thus, although it has not yet seen any evidence, NetGalley believes a breach might have happened. Regarding the exact details included in the backup file, they stated:

“This information includes your login name and password, first/last name, email address, and country. Also, if supplied by you, your Bio, mailing address, phone number, birthday, company name, and Kindle email address.”

However, since the service doesn’t store any financial data, no such information was lost.

The incident did, however, result in the deletion of users’ profile pictures from NetGalley systems, which affected users may re-upload.

What Should You Do?

Upon detecting the intrusion, NetGalley worked swiftly to contain the attack. They also reviewed their current security measures and strengthened system protections.

“Once we found the cause of the breach, we were able to shut it down within an hour of identifying the breach. We re-secured our testing sites and updated our protocols to ensure their security going forward.”

To secure customers’ accounts, the service reset passwords for all users. This means that all users signing in to their NetGalley accounts after December 23, 2020, may have to set up a new password first. While doing so, users must keep their password protection in mind.
