Netflix & Amazon Urge Users to Change Their Passwords
Both Netflix and Amazon are warning some customers that their accounts may be at risk and are urging them to change their passwords. These appear to be the first major effects of the massive database breaches that have surfaced during the past month.
The emails, which have started to surface in more and more inboxes recently, warn the recipient that their credentials may have been found in a cache of passwords and emails that made their way online. Both Amazon and Netflix assure their customers that neither company was directly breached.
In the cases of both Netflix and Amazon, the services have created temporary passwords for users who have been caught in the leaks. The security step was taken because “many customers reuse their passwords on multiple websites,” according to the email delivered by Amazon.
The belief that users have reused passwords is probably correct. Many people still use the same password across many accounts, which is a major problem and the reason Amazon and Netflix are urging their customers to change their passwords.
These precautions taken by Netflix and Amazon follow several weeks of an unprecedented number of usernames and passwords stolen from major sites and services.
Recent History of Large Services Hacked
A total of 167 million accounts from LinkedIn, the result of a 2012 breach, surfaced in May after appearing available for sale on a dark net marketplace. Just weeks later, 427 million credentials from MySpace appeared online, the result of an apparently unreported breach of the social network’s databases. Sixty-five million Tumblr accounts that were stolen in 2013 were acquired at the end of May. In June, 32 million credentials from Twitter users were put up for sale on the dark web, though Twitter denies it was ever the victim of a hack.
Change Your Passwords
Even if you don’t get an email from Netflix or Amazon—or any other company taking extra steps to protect their customers—suggesting a password change, now is the perfect opportunity to do it.
First, you can check to see if your account appears in any of the recent breaches by using the free tools offered by LeakedSource, an online database of stolen credentials, or Have I Been Pwned, a collection of compromised usernames and passwords maintained by security expert Troy Hunt. Regardless of whether you appear on either list, it never hurts to refresh your current protection.
When filling out the password form, make sure to use a unique combination that isn’t in use for any other account belonging to you; a breach of one service can create a domino effect and compromise you later.
Make sure to use a combination of words, numbers, symbols, and upper and lowercase letters. Try to avoid anything easily guessable—anything on the list of most common passwords is a nonstarter—and keep away from publicly available personal information like your birthday.
Use a Password Manager
I have suggested this countless times here on this fine technology blog, as well as to my workmates, friends and family. Invest in a password manager like “LastPass”. Password managers can take a daunting job (like having strong, encrypted and unique passwords) and make it very easy. Those of us using a password manager have very little to fear from security hacks like the ones mentioned here.
Consider Two-Factor Authentication
Consider using “two-factor authentication” for your important online accounts, especially financial accounts. These are becoming easier to use. The one I recommend is Google’s Authentication.