When it comes to protecting its millions of users against the threat of cyberattack, streaming giant Netflix is taking a "proactive" approach by combing through recent leaks in order to locate users at risk due to password reuse across multiple services.
A number of major technology and social media companies have been hit with cybersecurity scandals this year – including LinkedIn, MySpace and Tumblr – with the incidents now being dubbed 'mega-breaches' due to the sheer volume of data released into the public domain.
Now, according to an email sent to Adweek writer Steve Safran on 14 October, Netflix is contacting those with vulnerable accounts and enforcing password changes – even in cases where its security teams find no evidence the account has been tampered with.
"We discovered that credentials that match your Netflix email address and password were included in a release of email addresses and passwords from a breach at another company," the firm said in an email, adding it uncovered the credentials as part of "regular security monitoring."
As noted by cybersecurity researcher Brian Krebs, similarly worded notices have been spotted in circulation since early June. Since that time, however, Yahoo has admitted that "at least" 500 million of its users' accounts were compromised in a late-2014 breach.
There is no suggestion that Netflix itself – which boasts 83 million members in over 190 countries – has been hacked. In a statement sent to The Register, Netflix said the latest round of password change notifications was simply "a precautionary measure due to the recent disclosure of credentials from other internet companies."
It continued: "This is part of our ongoing, proactive efforts to alert members to potential security risks not associated with Netflix. There can be a variety of triggers such as username and password breaches at other companies, phishing schemes, and malware attacks."
On its website, Netflix warns about the dangers of password reuse. "If any of those services are compromised, the attacker can try the user's email address and password on Netflix and take over the account. We strongly encourage you to select strong passwords that are unique to Netflix," it said.
Accordingly, the service stated that users should always strive to create a unique password that is at least eight characters in length and contains a mixture of letters, numbers and symbols.