If you’ve been reading Techaeris lately, you’ve no doubt seen our articles about Twitter passwords for sale and about social media and other accounts being hijacked, most of which are being attributed to older password hacks that are just now surfacing. As it turns out, Netflix isn’t sitting around waiting for its users’ accounts to be compromised and is proactively resetting some users’ passwords and sending them an email requesting that they update them.
I received such an email this morning which read:
We believe that your Netflix account credentials may have been included in a recent release of email addresses and passwords from an older breach at another company. Just to be safe, we’ve reset your password as a precautionary measure.
Please visit the login help page at http://www.netflix.com/LoginHelp or type www.netflix.com into your browser, click on “sign in”, and then click “forgot your email or password.”
Follow the instructions to reset your password.
For more information and recommendations on how to keep your Netflix account secure, please visit our Help Center.
–The Netflix Team
The nice thing about the email is that Netflix not only includes a link but also gives manual instructions for those of us who are hesitant to click on links in official-looking emails because of phishing and other methods that attempt to hijack your account. There’s no mention of how Netflix is determining that your account credentials “may have been included” in the older breach from another company, so if you don’t get this email it still might be a good idea to change your password just in case.
As much of an inconvenience as it is to have to update my password on all my devices that use Netflix, I’d still rather see a company be proactive when it’s apparent that many users use the same passwords across multiple sites, something that we’ve recommended against before. And when you do change your Netflix password, change it to something that isn’t used anywhere else.
Has your Netflix password been reset due to the recent sale of passwords from older breaches? Let us know in the comments below, or on Google+, Twitter, or Facebook.