ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

NetGalley Data Breach

netgalley.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 1,436,435
Breach date 21 Dec 2020
Added to tracker 23 Feb 2021
Data classes 8

What happened

In December 2020, the book promotion site NetGalley suffered a data breach. The incident exposed 1.4 million unique email addresses alongside names, usernames, physical and IP addresses, phone numbers, dates of birth and passwords stored as salted SHA-1 hashes.

Exposed data

Dates of birth Email addresses IP addresses Names Passwords Phone numbers Physical addresses Usernames

Recommended actions

  • Change your NetGalley password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing NetGalley โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP