
NetGalley data breach: Publishing industry website forces password reset following ‘security incident’

NetGalley – a website that gives book reviewers pre-release access to new titles – has warned users about a data breach that may have exposed their passwords and other personal data.

“What initially seemed like a simple defacement of our homepage has, with further investigation, resulted in the unauthorized and unlawful access to a backup file of the NetGalley database,” said the company in a data breach alert published yesterday (December 23).

Users logging in from yesterday onwards must now reset their passwords in order to access their NetGalley account.

Publishing imprint

NetGalley said the compromised backup file contained users’ profile information, including login name and password, first and last name, email address, and country.

For users who had supplied it, the file also contained mailing addresses, phone numbers, dates of birth, company names, and Kindle email addresses.

“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” said the breach notification.

[Image: NetGalley website defaced with a Bart Simpson picture] The NetGalley website was apparently defaced as part of the same incident

The Daily Swig has contacted NetGalley seeking clarification as to whether all (or some portion of) users’ profiles were exposed – we will update the article if and when we get a response.

The company said no financial information, such as bank account or credit card numbers, was exposed.

“Some profile photos” had been deleted from the system too, it added.

NetGalley said the breach occurred on Monday (December 21). “Once we found the cause of the breach, we were able to shut it down within an hour of identifying the breach,” it said.

The company said it had “re-secured” its testing sites, updated security protocols, “revised” its “database backup procedure”, and “changed all legacy password that had access to any NetGalley systems or data” in response to the attack.

A number of NetGalley users have taken to Twitter to criticize the company for what they assumed was the storage of passwords without encryption.

Stolen usernames and passwords are frequently used in automated ‘credential stuffing’ attacks against the login pages of third-party websites, a tactic that works because many users reuse the same password across multiple accounts.
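The two preceding paragraphs turn on one design question: whether a leaked database backup hands over usable passwords directly, or only salted hashes that still have to be cracked one row at a time. The following Python example is added here to illustrate that difference; it is not NetGalley's code, and nothing is known about how NetGalley actually stored passwords. It uses `hashlib.scrypt` with an assumed, illustrative cost setting, constructs two fake "backup rows" (one plaintext, one hashed), and shows that the hashed record can still be verified at login without the password itself ever being stored.

```python
import hashlib
import hmac
import os
from typing import Optional

# scrypt cost parameters (assumed illustrative values, not NetGalley's settings;
# size them for your own hardware in a real deployment).
SCRYPT_N = 2 ** 14   # CPU/memory cost; 2^14 * 8 * 128 bytes = 16 MiB of RAM
SCRYPT_R = 8
SCRYPT_P = 1
SALT_LEN = 16
KEY_LEN = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted scrypt hash and return a self-describing record.

    Record layout: scrypt$N$r$p$<salt hex>$<key hex>. Storing the parameters
    alongside the hash lets the cost be raised later without breaking old rows.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)          # fresh random salt per user
    key = hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN,
    )
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), key.hex()])


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the record's own parameters and compare in constant time."""
    try:
        algo, n, r, p, salt_hex, key_hex = record.split("$")
    except ValueError:
        return False                          # malformed record: never accept
    if algo != "scrypt":
        return False
    expected = bytes.fromhex(key_hex)
    candidate = hashlib.scrypt(
        password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
        n=int(n), r=int(r), p=int(p), dklen=len(expected),
    )
    return hmac.compare_digest(candidate, expected)


def build_sample_backup() -> dict:
    """Constructed sample 'backup rows' (not real NetGalley data) for two designs:
    a plaintext password column versus a salted-hash record."""
    return {
        "plaintext": {"login": "reader1", "password": "hunter2"},
        "hashed": {"login": "reader2",
                   "password": hash_password("correct horse battery")},
    }


def password_recoverable_from_row(row: dict) -> bool:
    """True if the row hands over a usable password outright.

    A plaintext column is immediately reusable against other sites; a hashed
    record must first be cracked, and the per-user salt means each row has to
    be attacked separately rather than all at once.
    """
    return not row["password"].startswith("scrypt$")


if __name__ == "__main__":
    backup = build_sample_backup()
    for kind, row in backup.items():
        print(f"{kind:9s} login={row['login']} "
              f"recoverable={password_recoverable_from_row(row)}")
    hashed = backup["hashed"]["password"]
    print("correct password verifies:", verify_password("correct horse battery", hashed))
    print("wrong password verifies:  ", verify_password("hunter2", hashed))
```

Because every row carries its own random salt, two users with the same password get different records, and the cost parameters stored in each record let a site raise the work factor over time. A forced reset after a breach, as NetGalley imposed, is still the right response even with hashing in place, since hashes only slow an attacker down rather than stopping offline guessing entirely.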

Source: https://portswigger.net/daily-swig/netgalley-data-breach-publishing-industry-website-forces-password-reset-following-security-incident

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO