Slashdot Mirror


Password Re-user? Get Ready to Get Busy (krebsonsecurity.com)

Security reporter Brian Krebs writes: In the wake of megabreaches at some of the Internet's most-recognized destinations, don't be surprised if you receive password reset requests from numerous companies that didn't experience a breach: Some big name companies -- including Facebook and Netflix -- are in the habit of combing through huge data leak troves for credentials that match those of their customers and then forcing a password reset for those users. Netflix.com, for example, sent out a notification late last week to users who made the mistake of re-using their Netflix password at LinkedIn, Tumblr or MySpace. All three of those breaches are years old, but the scope of the intrusions (more than a half billion usernames and passwords leaked in total) only became apparent recently when the credentials were posted online at various sites and services.
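
A sketch of the matching step described above, added here as an illustration; it is not code from Netflix, Facebook or the Krebs article. It assumes a hypothetical service that stores salted PBKDF2 hashes and a leak that supplies e-mail and plaintext-password pairs; every name and value in it is constructed.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier the way this hypothetical service does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "force_reset": False}


def flag_reused_credentials(user_db: dict, leaked_pairs) -> list:
    """Mark accounts whose current password appears in a third-party leak.

    Each leaked password is re-hashed with the matching account's own salt,
    so the service never needs its users' plaintext passwords.
    """
    flagged = []
    for email, leaked_password in leaked_pairs:
        key = email.strip().lower()  # leaks rarely normalise e-mail case
        user = user_db.get(key)
        if user is None or user["force_reset"]:
            continue  # not our customer, or already queued for a reset
        candidate = hash_password(leaked_password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            user["force_reset"] = True
            flagged.append(key)
    return flagged


# Constructed sample data: no real accounts or leaked credentials.
USERS = {
    "alice@example.com": make_user("correct horse battery"),
    "bob@example.com": make_user("hunter2"),
}
LEAK = [
    ("Bob@Example.com", "hunter2"),          # reused password: reset
    ("alice@example.com", "old-password1"),  # same e-mail, different password
    ("carol@example.com", "12345"),          # not a customer
]

if __name__ == "__main__":
    print(flag_reused_credentials(USERS, LEAK))
```

A reset triggered this way tells the user only that their current password matched some leaked entry, not which site leaked it.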

3 of 119 comments

  1. Depends on the data you want to protect by DidgetMaster · Score: 4, Interesting

    Everyone seems so worried about passwords getting hacked on sites that I couldn't care less about. Anything that has information that I want to protect (e.g. bank accounts) has a strong password that I never repeat. But I also have a ton of accounts on news sites and other places that make you get an account just to see anything. I can set all those account passwords to "12345" and couldn't care less if they get hacked. There is nothing in there of any value for someone to steal. I usually use a fake name and address when I set up the account in the first place.

  2. Re:Both awesome and sad by Ravaldy · Score: 4, Interesting

    Sad that there's so much password reuse

    It isn't sad, it's unfortunate that we have to avoid reusing passwords.

    I just finished moving all my accounts from one email to another. That was 53 different accounts I had to manage. Can you imagine keeping track of 53 different passwords? I have 4-5 passwords I use. One for my banking, one that I don't care if they take my account, one for entities I trust, one for entities I trust less.

    If we could trust all entities to secure their shit then we could all use one password but we all know it's impossible to secure everything so this strategy will have to hold for now.

  3. Re:Finally security done the right way by internerdj · Score: 4, Interesting

    This is a little disturbing. I got a password reset from Netflix. I thought it was something general. I also thought my Netflix password was unique among my accounts. Now I've got no clue what actually was breached.