NetGalley, the service for digital downloads of advance reader copies of books, suffered a data breach on December 21 that may have revealed some personal information to hackers.
The company became aware of the issue when its homepage was defaced and, after further investigation, realized there was "unauthorized and unlawful access to the backup file of the NetGalley database." "Our database backup was stored in the Amazon Cloud. There was a temporary lapse in security protocol for one of our testing servers, and the credentials became easily attainable by a hacker," wrote the company in an announcement on its website on December 23.
In response to the breach, NetGalley prompted all users to update their passwords. In addition, the company wrote that it had re-secured testing sites and updated protocols to ensure their security going forward, revised its database backup procedure, changed all legacy passwords that had access to any NetGalley systems or data, and added new security features to the site to improve the security of personal information.
"We're back to semi-normal," said Fran Toolan, CEO of NetGalley. "The site was patched with new password security, the testing server that was the culprit has been locked down. A number of support cases came in, but, fortunately, the amount of personal information that we carry on people is pretty limited."
The information that could have been exposed to hackers included the user's login name and password, first and last name, email address, and country. Also, if supplied by the user, their biography, mailing address, phone number, birthday, company name, and Kindle email address could have been accessed.