
Facebook, Netflix trigger password resets in wake of recent hacks

The precautionary measure comes after a spate of massive, high-profile hacks.
Written by Zack Whittaker, Contributor

Fearing the worst, some tech companies are actively resetting some user passwords amid concerns that hackers might be using hacked data to get access to accounts.

As spotted by security reporter Brian Krebs, Facebook and Netflix are resetting the credentials of those whose usernames, emails and passwords have been found in other leaked sets of breach data -- usually from other hacks.

According to Krebs, Netflix sent out an email, which said "just to be safe, we've reset your password as a precautionary measure," because "we believe that your Netflix account credentials may have been included in a recent release of email addresses and passwords at another company."

Facebook said that some accounts are "at risk because you were using the same password" on a different site, unrelated to Facebook.


It comes in the wake of massive breaches at MySpace, LinkedIn, and Tumblr, which collectively made up over 600 million user accounts.

The big, ongoing problem is password reuse. Many people use the same email address and password combination for other services. When one is breached, others can be, too.

Given the amount of leaked data already stolen by hackers in recent weeks, there's always the chance that the data is reused and sold on.

Earlier this week, hackers reportedly took over the Instagram, LinkedIn, Pinterest and Twitter accounts of Mark Zuckerberg, the co-founder and chief executive of Facebook, which owns Instagram. The Facebook executive's password is thought to have come from the LinkedIn breach.

Many big companies go through publicly available stolen data to match up passwords that are in their own databases -- usually by comparing hashes. Krebs said that this is usually done by one-way hashing -- which involves taking the plain-text password (or cracked password), rehashing it, and comparing it to the hash stored for the same email address in the database.
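
The matching step described above, sketched as an added example (not code from Krebs, Facebook or Netflix). The salted PBKDF2 storage scheme, the account table and the leaked pairs are all constructed assumptions; the point is that the leaked plaintext is rehashed with the salt stored for that email address and compared against the service's own hash.

```python
import hashlib
import hmac

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this hypothetical service

def hash_password(password: str, salt: bytes) -> bytes:
    """Hash the way this hypothetical service stores passwords (salted PBKDF2-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

def normalize_email(email: str) -> str:
    return email.strip().lower()

def build_user_db(accounts):
    """Constructed stand-in for the service's credential table: email -> (salt, hash)."""
    db = {}
    for i, (email, password) in enumerate(accounts):
        # Deterministic salt so the demo is repeatable; real salts are random per user.
        salt = hashlib.sha256(f"constructed-salt-{i}".encode()).digest()[:16]
        db[normalize_email(email)] = (salt, hash_password(password, salt))
    return db

def find_reused_credentials(user_db, leaked_pairs):
    """Return emails whose leaked plaintext password matches the stored hash."""
    at_risk = set()
    for email, leaked_password in leaked_pairs:
        record = user_db.get(normalize_email(email))
        if record is None:
            continue  # leaked address has no account on this service
        salt, stored_hash = record
        # Rehash the leaked plaintext with this user's salt, then compare in constant time.
        candidate = hash_password(leaked_password, salt)
        if hmac.compare_digest(candidate, stored_hash):
            at_risk.add(normalize_email(email))
    return sorted(at_risk)

# Constructed sample accounts on the service.
USER_DB = build_user_db([
    ("alice@example.com", "correct horse battery"),
    ("bob@example.com", "unique-to-this-site"),
    ("carol@example.com", "summer2016"),
])

# Constructed sample of email/plaintext pairs from another site's breach dump.
LEAKED_PAIRS = [
    ("Alice@Example.com", "correct horse battery"),   # reused password
    ("bob@example.com", "password-from-other-site"),  # same email, different password
    ("dave@example.com", "summer2016"),               # no account here
    ("carol@example.com", "summer2016"),              # reused password
]

RESET_LIST = find_reused_credentials(USER_DB, LEAKED_PAIRS)  # accounts to force-reset
```

Because each stored hash has its own salt, the leaked password has to be rehashed per account; the service never needs to recover or store its own users' plaintext passwords to find the overlap.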
