NetGalley Security Updates -- March 8, 2023:
- Users are prevented from reusing their last 12 passwords.
- Users are notified and accounts are temporarily disabled if there are 6 failed login attempts.
- Only the domain portion of users' email addresses is visible to publishers when they view members' requests and reviews.
- Internal logging processes are updated to ensure users are only identified by ID number in internal logs.
- Personal data that is no longer in use on the platform, such as birthdays, has been deleted.
- Implemented additional backend security checks and alerts for NetGalley administrators to identify potential issues.
Previous update -- Jan. 8, 2021:
- Re-secured testing sites and updated internal protocols to ensure security going forward.
- Revised database backup procedure to prevent future data exposure.
- Changed all legacy passwords that had access to any NetGalley systems or data.
- Ensured and enhanced security of content on cloud database.
- Ended all sessions for all users, and required users to change their passwords.
- Changed our password security to use a new encryption algorithm that offers increased security.
- Prevented users from reusing the same password.
- Allowed members to create stronger passwords (up to 30 characters, including special characters).
- Improved how we store social media access credentials for all members (Goodreads, Twitter, LinkedIn). This improvement automatically disconnected members’ social media accounts from NetGalley, which they may reconnect at any time.