Netflix have sent out a large batch of emails telling many of their users that their account password has been reset because their credentials have been found leaked online after a “breach from another company”.
Firstly, the email is real. (Though remember it is not beyond the realms of possibility that scammers will try and replicate these emails in a phishing scam. More on that later.)
Secondly, what does it actually mean?
Basically, companies like Netflix will scour the Internet looking for your email address in the troves of leaked login credentials that continually get leaked online. Companies like MySpace, Ashley Madison and Yahoo have all suffered massive data breaches, where millions of accounts login details were leaked onto the Internet, and Netflix is telling you that they found your email address included in that leaked login information.
As such, Netflix wants you to use a different password, as there is a chance that you are using the same password as the one that was leaked. And the video streaming service would rather not have your Netflix account compromised too.
It’s a precautionary measure. After all, we know our readers wouldn’t think of re-using the same password for all their online accounts. After all, that’s online security 101. However millions of users do, and Netflix is trying to protect its userbase. That’s lovely of them, but it’s also in their self-interest of not having to deal with thousands of compromised accounts.
So where did Netflix find your password? And should you be worried? Well Netflix don’t tell you where, but there are places you may be able to find out.
Sponsored Content. Continued below...
The very useful site haveibeenpwned.com stores the login details (not passwords) for all the millions of “pwned” (leaked) accounts out there, and lets you conveniently type in your email address, where the site will check its epic database to see if they find it. If they do it means your login information for one of your accounts was leaked, and they’ll let you know in what breach it happened.
If you re-use the same password, yes, you may need to be worried. One user reported to us that after receiving the email from Netflix about resetting their password, they headed straight over the to the haveibeenpwned.com website and found that their email address was leaked in the MySpace data breach. However this breach occurred back in 2008 (the data leaked in 2016) so we’d expect the majority of the passwords would be useless today. This is likely where Netflix found that user’s email address.
Either way, reset your Netflix password. And remember, use different passwords for different accounts, and employ the uses of a Password Manager to remember all those passwords. Also, we strongly recommend turning on 2-step authentication on accounts that allow it. That includes PayPal and Facebook.
But watch out for imposter Netflix emails! When services send out emails like this, imposters are never far behind. If you get an email from Netflix, if you click on any links, make sure that they direct you to the Netflix website, and not spoof websites looking to steal your information!