Netflix has reminded people whose user IDs are circulating in breach lists to check their security and, if necessary, reset their passwords.
The issue resurfaced late last week, when an Adweek writer posted that he'd received a “reset your password” message:
“As part of our regular security monitoring, we discovered that credentials that match your Netflix email address and password were included in a release of email addresses and passwords from a breach at another company.”
The streaming giant has been tapping groups of users since June, when KrebsOnSecurity spotted a nearly identical e-mail in the wild. At the time, Krebs associated the notice with the LinkedIn, Tumblr and MySpace breaches.
Since then, of course, another huge breach has come to light – the 500 million credentials swiped from Yahoo!, reported in September.
The scale of the Yahoo! breach makes it almost inevitable that password re-users' credentials would turn up on other sites, like Netflix.
Netflix confirmed that it's circulating another round of reminders, telling The Register in an e-mail: “Some Netflix members have received emails encouraging them to change their account passwords as a precautionary measure due to the recent disclosure of credentials from other internet companies.
“This is part of our ongoing, proactive efforts to alert members to potential security risks not associated with Netflix. There can be a variety of triggers such as username and password breaches at other companies, phishing schemes, and malware attacks.” ®