Security News Netflix finds users’ passwords floating around online: change yours now!

[Jack]

Netflix is telling some password-reusing customers to reset those well-trodden logins after it spotted some of them in a batch of purloined credentials.

The news was first reported by AdWeek, where writer Steve Safran said on Friday that he’d received this email:

As part of our regular security monitoring, we discovered that credentials that match your Netflix email address and password were included in a release of email addresses and passwords from a breach at another company.​

The email didn’t give details about how many accounts were affected.

Netflix is resetting affected users’ passwords for them and then prompting them to change it to a new one.

The email said that Netflix wasn’t aware of anybody having compromised Safran’s account.

Netflix confirmed to the Register that yes indeed, it’s sending out the emails as a precautionary measure due to the recent disclosure of credentials from other sites.

This is part of our ongoing, proactive efforts to alert members to potential security risks not associated with Netflix. There can be a variety of triggers such as username and password breaches at other companies, phishing schemes, and malware attacks.​

Like many online services, Netflix’s routine security monitoring includes sniffing around online to see if it will find its user IDs circulating in breach lists.

That’s how Amazon found a cache of reused passwords and likewise told some customers recently to swap the passwords out.

Read more: Netflix finds users’ passwords floating around online: change yours now!

 

[frogboy]

Good to see Netflix is taking customers security seriously and getting them them to change their passwords.

 

[McLovin]

Foxtel for the win. Haha
All Australian's will know

 

[_CyberGhosT_]

"breach at another company"
What the hell is that ? so they are technically saying it was not us but another company ?
So that would mean that someone other than Netflix has access to or handles User Accounts, a 3rd party maybe ?
Read the wording, that sounds like what they are alluding to, am I right ?
This may spark some grief for Netflix.
Cool share Jack

 

[Ink]

@_CyberGhosT_ It could mean devices that were compromised with keystroke capture malware, stolen accounts or shared online.

 

[uncle bill]

I don't think it's a breach but the abuse of proxies to circumvent countries restrictions. Seemingly nothing is free so we should be careful when using a self named free proxy, because who run the proxy knows where we are coming from, where we are going to and can read the traffic in between.

 

[jamescv7]

Once our information is submitted to them, expect a lot of risks and nothing is safe nowadays; because they could not really control the possible untoward scenarios.

Better to be safe than sorry.

 

[BillR5]

Sounds more like password reuse to me from the statement but we won't know until more information is provided.

 

[Solarquest]

..many companies got hacked, many more will...as security experts say, it2's not an "if" but a "when " will they get hacked, unfortunately.
Apparently we need to put reminders in our calendar to change every "x" days/months our passwords and of course not to reuse the same one...