Some of the Netflix and Facebook users have been getting messages to change their passwords. While this notification did send some users into a frenzy, others speculated it could be because of a data breach.
But it turns out Netflix and Facebook are only doing this as a precautionary measure in the wake of Linkedin, MySpace and Tumblr hacks. The warning messages are being sent to users with weak or common passwords.
This is being done because many of the users have a habit of using the same email addresses and passwords for a string of social media websites, just because its easy to remember. But this also means that when data from one website is leaked online, anyone can get access to it and they can check if your passwords work on other social media websites as well. That is why, it is always recommended to use unique passwords for every website
The report was first published by Kebson Security and they claimed that Netflix had started sending out warnings to its users late last weekend.
The message released by the website said “We believe your Netflix account credentials may have been included in a recent release of email addresses and passwords from an older breach at another company. Just to be safe, we’ve reset your password as a precautionary measure.”
To reset passwords, users need to go to Netflix.com and click on ‘forgot email or password’ option and generate a new password.
Security researcher Brian Krebs of the Kebson Security said “Netflix is taking this step because it knows from experience that cybercriminals will be using the credentials leaked from Tumblr, Myspace and LinkedIn to see if they work on a variety of third-party sites (including Netflix),”
A Netflix spokesperson also talked about this recent issue with Fortune and said “Some Netflix members have received emails encouraging them to change their account passwords as a precautionary measure due to the recent disclosure of additional credentials from an older breach at another internet company. Note that we are always engaged in proactive security measures, even outside of breaches. We proactively monitor our members accounts for fraud and suspicious activity and alert them if we see anything.”
A Facebook spokesperson confirmed this and said the website has been doing that since years.
And these two aren’t the only ones. Reddit too sent out 100,000 password reset requests to its users last month. This was done by the company because of the recent LinkedIn password dump.
In case you weren’t following the news, MySpace confirmed last week that the website had been hacked in 2013 and faced a major data breach. The stolen information from there is now up for sale online.
The hacker behind this MySpace leak is assumed to be ‘Peace’, who was also behind Tumblr and LinkedIn data breaches.