Netflix and Facebook have not been hacked, but you should still change your passwords right away. The two companies are already prompting certain users to change their passwords in light of the recently revealed LinkedIn, Tumblr, and MySpace hacks. And if you like to recycle your credentials across internet services, you should consider changing the passwords for these services as soon as possible. In fact, you should try to come up with unique passwords for every internet service you use, rather than using the same ones over and over.
DON’T MISS: This is what the Galaxy Note 7 will look like
Security researcher Brian Krebs reported on Monday that both Netflix and Facebook have been resetting passwords for some users, asking them to come up with new ones. Since then, both companies confirmed to Fortune that’s indeed the case.
Independently, both companies monitor security breaches, and whenever credentials stolen in third-party hacks match the user and password for either Netflix or Facebook, the companies take immediate action.
That’s because hackers who purchase stolen data that includes millions of login details usually try to use the same credentials on other sites, including Netflix and Facebook.
“We believe your Netflix account credentials may have been included in a recent release of email addresses and passwords from an older breach at another company,” the Netflix warning reads, according to Krebs. “Just to be safe, we’ve reset your password as a precautionary measure.” A similar message also appears on the Facebook page of a user whose LinkedIn, Tumblr or MySpace credentials may be selling on the dark web.
“Some Netflix members have received emails encouraging them to change their account passwords as a precautionary measure due to the recent disclosure of additional credentials from an older breach at another internet company,” a Netflix spokeswoman told Fortune. “Note that we are always engaged in proactive security measures, even outside of breaches. We proactively monitor our members accounts for fraud and suspicious activity and alert them if we see anything.”
A Facebook spokesperson confirmed that it has been doing this sort of thing since 2014.
Even if you’re not receiving such prompts, you should consider a password update, especially if you use the same email and password combination on multiple sites. And choose smarter passwords, that aren’t easy to crack.