Re-secured testing sites and updated internal protocols to ensure security going forward.
Revised database backup procedure to prevent future data exposure.
Changed all legacy passwords that had access to any NetGalley systems or data.
Ensured and enhanced security of content on cloud database, which was not impacted by the Dec. 21 breach.
Ended all sessions for all users, and required users to change their passwords.
Changed our password security to use a new encryption algorithm that offers increased security. (Passwords impacted in the Dec. 21 breach were hashed using an older algorithm, but were never stored in plain text.)
Prevented users from reusing the same password.
Allowed members to create stronger passwords (up to 30 characters, including special characters).
Improved how we store social media access credentials for all members (Goodreads, Twitter, LinkedIn). This improvement automatically disconnected members’ social media accounts from NetGalley, which they may reconnect at any time.