Facebook and Netflix scan leaked data sets for recycled passwords

Shawn Knight


A string of high-profile data breaches over the past several weeks has put some major technology companies on high alert. The breaches in question – affecting LinkedIn, Myspace, Tumblr and VK – took place years ago, meaning the stolen data may be outdated in some cases. That said, there’s still plenty of reason for concern.

Krebs on Security reports that some companies like Netflix and Facebook make a habit of combing through massive leaked data sets. They’re not doing anything nefarious here; instead, they cross-reference stolen credentials against those of their customers to see if there are any matches. If there’s a match, they take action.

Just last week, for example, Netflix sent out notifications to its users whose credentials were tied to the recent leaked data sets. The streaming video giant said it reset users’ passwords as a precautionary measure, instructing those affected to click the “forgot your e-mail or password” link on their site to set up a new password.

Again, the leaked data is years old at this point, but with more than half a billion accounts involved, there were bound to be some valid credentials.

Netflix said in a statement to Krebs that it is always engaged in these types of proactive security measures, not just in the case of major security breaches, using a tool it released in 2014 called Scumblr along with other mechanisms and data sources.

Following the 2013 Adobe hack that exposed millions of customer credentials, Krebs says Facebook scoured the password data in search of recycled passwords among its own members.
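The cross-referencing described above can be sketched as follows. This is an added example, not code from Netflix, Facebook or Scumblr; it assumes the leaked set has already been reduced to e-mail and plaintext password pairs and that the service stores salted PBKDF2 hashes, and every account, password and function name in it is constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the service's real scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_user(email: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"email": email, "salt": salt,
            "hash": hash_password(password, salt), "force_reset": False}

# Constructed customer store, keyed by normalised e-mail address.
USERS = {u["email"]: u for u in (
    make_user("alice@example.com", "Summer2012!"),
    make_user("bob@example.com", "correct horse battery"),
    make_user("carol@example.com", "tr0ub4dor&3"),
)}

# Constructed leak records (e-mail, recovered plaintext password).
LEAKED = [
    ("Alice@Example.com ", "Summer2012!"),   # reused password, messy casing
    ("bob@example.com", "bob1984"),          # customer, but different password
    ("mallory@example.net", "letmein"),      # not a customer
    ("carol@example.com", "tr0ub4dor&3"),    # reused password
]

def find_reused(users: dict, leaked: list) -> set:
    """Return e-mails whose leaked password still verifies against our hash."""
    matched = set()
    for email, leaked_password in leaked:
        user = users.get(email.strip().lower())
        if user is None or user["hash"] is None:
            continue
        candidate = hash_password(leaked_password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            matched.add(user["email"])
    return matched

def force_resets(users: dict, matched: set) -> list:
    """Invalidate the stored hash and flag the account for a reset notice."""
    for email in matched:
        users[email]["hash"] = None
        users[email]["force_reset"] = True
    return sorted(matched)
```

Because each leaked password is re-hashed with the customer's own salt, the check never needs the service's passwords in plaintext, and only accounts where the old password is still in use get flagged.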
