According to Krebs, Netflix has already begun sending out password resets after scouring the log-in credentials leaked online. The company apparently uses a tool it released in 2014 to comb through leaked log-ins -- so, yes, the email is legit and not an attempt to phish for your details. Of course, the best way to ensure you're safe is to use a unique password for every online account and to delete anything you don't use anymore.
Some big websites might require you to change passwordsNetflix has already begun sending out password resets.
If you receive an email from Netflix or Facebook asking you to change your password because it matches a credential from an older security breach, you may want to heed its advice. Cybersecurity expert Brian Krebs says some big companies, including the streaming service and the social network, tend to go through data from other websites' security breaches to look for log-ins that match their users'. They then force those users to change the passwords they reused to keep them safe. If you'll recall, hackers recently sold the millions of log-in combinations they stole from LinkedIn, Tumblr and MySpace a few years ago.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.