Netflix sent password resets late last week to subscribers who had been using their Netflix password on MySpace, Tumblr, or LinkedIn. According to a report from security researcher Brian Krebs, the streaming service sent the resets following the major breaches on sites like LinkedIn and Tumblr. So if you are using a similar password for the video streaming and other sites, you should change the password.
Netflix asks users to change passwords
“We believe your Netflix account credentials may have been included in a recent release of email addresses and passwords from an older breach at another company,” the message reads. “Just to be safe, we’ve reset your password as a precautionary measure.”
Krebs notes that the video streaming giant is taking such a step because it knows from experience that hackers and cyber-criminals will check whether credentials leaked from LinkedIn, Tumblr, and Myspace work on a variety of third-party sites (including Netflix). In a statement released to KrebsOnSecurity, the streaming service said some of its users have received emails encouraging them to change their account passwords as a safety measure.
“Note that we are always engaged in these types of proactive security measures (leveraging Scumblr in addition to other mechanisms and data sources), not just in the case of major security breaches such as this one.”
The users affected by the password reset just have to go to Netflix.com and click “forgot your email or password.” Then they can create a new password.
A regular protocol among tech firms
Late last month, Reddit also sent 100,000 password resets amid an increase in account takeovers by malicious third parties that are linked to the recent password dump from LinkedIn. Facebook also tends to reset passwords after such incidents, so users might also receive a message from the social networking site, according to Krebs. Facebook scoured the exposed Adobe password data for credential recycling among its users after a breach involving tens of millions of Adobe customer credentials was discovered at Adobe in 2013.
If you are not following security news, then you should at least know that last week, Myspace confirmed reports that in 2013, it sustained a major data breach. Myspace also confirmed that the stolen information is now up for sale online. The company attributed the leak to a Russian cyber-criminal group known as Peace. The same group is also responsible for the recent breaches of Tumblr and LinkedIn, according to reports.