Hackers and other online delinquents have been known to attempt to scam their victims by sending emails prompting them to change their passwords on various services. However, if you have recently received correspondence like this from Netflix, it’s likely to be legitimate.
The streaming giant is currently reaching out to users who are suspected of having been affected by security breaches at other sites. These attacks against services like LinkedIn and Myspace were carried out years ago, but the extent of the information stolen has only been uncovered in recent weeks.
The problem for Netflix is that, despite plenty of advice discouraging the practice, many users still use the same password across a number of different sites and services. That means that credentials retrieved by hackers in attacks on the likes of LinkedIn and Myspace could potentially be used to access the target’s Netflix account.
The email being distributed reads as follows, in case you’re unsure whether the communication you’re receiving is legitimate:
We believe your Netflix account credentials may have been included in a recent release of email addresses and passwords from an older breach at another company. Just to be safe, we’ve reset your password as a precautionary measure.
Netflix is using Scumblr to help in its search for potential security threats, having detailed the tool on its tech blog when it was made open source in 2014. Scumblr is helping the company determine whether credentials have been reused elsewhere, according to a report from Krebs on Security.
If you receive an email from Netflix, it’s in your interest to follow its advice — but do make sure that the source is legitimate beforehand. More broadly, these circumstances should illustrate just how important it is to refrain from using the same password over and over again.