allheart55 (Cindy E)
Administrator
Netflix is telling some password-reusing customers to reset those well-trodden logins after it spotted some of them in a batch of purloined credentials.
The news was first reported by AdWeek, where writer Steve Safran said on Friday that he’d received this email:
As part of our regular security monitoring, we discovered that credentials that match your Netflix email address and password were included in a release of email addresses and passwords from a breach at another company.
The email didn’t give details about how many accounts were affected.
Netflix is resetting affected users’ passwords for them and then prompting them to change it to a new one.
The email said that Netflix wasn’t aware of anybody having compromised Safran’s account.
Netflix confirmed to the Register that yes indeed, it’s sending out the emails as a precautionary measure due to the recent disclosure of credentials from other sites.
This is part of our ongoing, proactive efforts to alert members to potential security risks not associated with Netflix. There can be a variety of triggers such as username and password breaches at other companies, phishing schemes, and malware attacks.
Like many online services, Netflix’s routine security monitoring includes sniffing around online to see if it will find its user IDs circulating in breach lists.
That’s how Amazon found a cache of reused passwords and likewise told some customers recently to swap the passwords out.
Facebook is also known to prowl the internet looking for your username/password combos to show up in troves of leaked credentials.
So where did the breached passwords originally come from? Netflix isn’t saying, and honestly, it could be from any of a growing list of mega-dumps.
The credentials could have come out of the LinkedIn breach of millions of passwords, for example.
Or it could have been the MySpace mega-breach, the 65 million passwords in the Tumblr breach, or from the gargantuan Yahoo breach of half a billion accounts.
With each breach comes an increased chance that a reused set of login details will be discovered and potentially used by crooks to gain access to any account set up with those same details.
If you’ve got some scruffy reused passwords kicking around, we agree with Netflix: put those mangy things out to pasture and get yourself some new ones to ride around on.
Make sure every one of your passwords is unique, too. After all, cloned passwords are sickly things. If one service gets breached, crooks can try them on all your other accounts.
So if you don’t want crooks watching porn, or Disney films, for that matter, with you footing the Netflix bill, make sure you’ve got a unique, strong password on that account.
Here’s a detailed explanation of the dangers of password reuse, and here’s how to make every one of those passwords robust.
“So many passwords!” you may say. “I must now lie down and take a nap!” you may wail.
Please, no! Nap not!
With all the “security breach!!!” and “reset your password NOW!!!” news coming at us constantly, we know it’s tempting to more or less just give up.
Instead of giving up on security, though, consider using a password manager.
We think they’re a great tool. All you have to remember is one good, strong master password for the manager.
Source: Sophos
