Netflix has found some of their customers’ username+password in data-dumps on the internet – when they found these re-used passwords, they reached out and recommended a password reset.
This news was reported by AdWeek, where writer Steve Safran said on Friday that he’d received this email:
As part of our regular security monitoring, we discovered that credentials that match your Netflix email address and password were included in a release of email addresses and passwords from a breach at another company.
Many online services, Netflix’s routine security monitoring includes sniffing around online to see if it will find its user IDs circulating in breach lists.
That’s exactly how Amazon found a cache of reused passwords and similarly told some customers recently to swap the passwords out.
Facebook is also known to prowl the internet looking for your username/password combos to show up in troves of leaked credentials.
So where did the breached passwords originally come from? Netflix isn’t saying, and honestly, it could be from any of a growing list of mega-dumps.
The credentials could have come out of the LinkedIn breach of millions of passwords, for example.
Or it could have been the MySpace mega-breach, the 65 million passwords in the Tumblr breach, or from the gargantuan Yahoo breach of half a billion accounts.
With each breach comes an increased chance that a reused set of login details will be discovered and potentially used by crooks to gain access to any account set up with those same details.
If you’ve got some scruffy reused passwords kicking around, we agree with Netflix: put those mangy things out to pasture and get yourself some new ones to ride around on.
Make sure every one of your passwords is unique, too. After all, cloned passwords are sickly things. If one service gets breached, crooks can try them on all your other accounts.
So if you don’t want crooks watching porn, or Disney films, for that matter, with you footing the Netflix bill, make sure you’ve got a unique, strong password on that account.
We recommend that you embrace strong passwords, and then get a good password manager that you can trust. Read our article on strong passwords.