NetGalley Graphic Novel Reviewers' Private Data Leaked

NetGalley is a service that lets reviewers, book-buyers or influencers read books ahead of publication. Its popularity among graphic novel publishers, especially DC Comics, has increased in recent years. But it seems that all those (like me) who have accounts may have had our information.

It is with great regret that we inform you that on Monday, December 21, 2020 NetGalley was the victim of a data security incident. What initially seemed like a simple defacement of our homepage has, with further investigation, resulted in the unauthorized and unlawful access to a backup file of the NetGalley database.

It is with an abundance of caution that we wanted to let you know this incident may have exposed some of the information you have shared with NetGalley.

The backup file that was impacted contained your Profile information, which includes your login name and password, name and email address. Also, if supplied by you, your mailing address, birthday, company name, and Kindle email address. We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility. We expect that you may have many additional questions—these are the questions we would have if we received this email.

And the responses are pretty standard.

Was any personal information exposed? It is possible that your NetGalley Profile information was exposed as a result of this incident. This information includes your login name and password, first/last name, email address, and country. Also, if supplied by you, your Bio, mailing address, phone number, birthday, company name, and Kindle email address.

Does NetGalley store or process any financial data? No, there are no bank numbers, credit card numbers or any other financial information stored on NetGalley, so none was exposed.

Was any of my information lost? Luckily the loss of information was minimal, with some Profile photos being deleted from the NetGalley system. These are easily replaced within your NetGalley Account (click here for instructions.)

What has NetGalley done to ensure the breach is secured? Once we found the cause of the breach, we were able to shut it down within an hour of identifying the breach. We re-secured our testing sites and updated our protocols to ensure their security going forward. We also:

  • Immediately reviewed our security standards and just implemented further means to protect your data. The next time you sign in you will be prompted to change your password.
  • Revised our database backup procedure to ensure this data is never again exposed
  • Changed all legacy passwords that had access to any NetGalley systems or data

What are NetGalley's future plans with regards to security?

  1. We are continuing to investigate this incident and ensure that no further damage is incurred.
  2. We are requiring that anyone with an account change their password.

What steps can I take? To better protect your account security, NetGalley is requiring all members to reset their passwords. Starting December 23rd, you'll be required to reset your password before signing in to your NetGalley account.

The letter continues:

Please be assured that we take the security of our members' information very seriously and we sincerely regret that this incident occurred. We immediately reviewed our security standards and just implemented further means to protect your data. The next time you sign in you will be prompted to change your password.

We appreciate your understanding, and thank you for your support. Please do not hesitate to contact us if you have other concerns. We wanted to send this information to you as soon as possible, but like most companies, our team will be offline during the holidays—we will absolutely be available to answer your questions on December 28th. We hope you have a wonderful holiday.

Time to change my password I guess. Again.


About Rich Johnston

Founder of Bleeding Cool. The longest-serving digital news reporter in the world, since 1992. Author of The Flying Friar, Holed Up, The Avengefuls, Doctor Who: Room With A Deja Vu, The Many Murders Of Miss Cranbourne, Chase Variant. Lives in South-West London, works from Blacks on Dean Street, shops at Piranha Comics. Father of two. Political cartoonist.