ShellCodeX Breach Report
NetGalley Data Breach
netgalley.com
Verified breach
Passwords exposed
Accounts exposed
1,436,435
Breach date
21 Dec 2020
Added to tracker
23 Feb 2021
Data classes
8
What happened
In December 2020, the book promotion site NetGalley suffered a data breach. The incident exposed 1.4 million unique email addresses alongside names, usernames, physical and IP addresses, phone numbers, dates of birth and passwords stored as salted SHA-1 hashes.
Exposed data
Dates of birth
Email addresses
IP addresses
Names
Passwords
Phone numbers
Physical addresses
Usernames
Recommended actions
- Change your NetGalley password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing NetGalley โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP