Going The Extra Mile: Pandora, Facebook, and Netflix Ask Users to Reset Passwords

By on Jul 01, 2016

It’s a good sign when businesses take the initiative to protect consumers’ online safety. Not only does it allow customers to feel secure using their services, but it also facilitates positive change. When one business takes an extra step to protect users, industry security standards are advanced. The envelope is pushed for other organizations, who in turn adopt better security practices themselves. It’s a win-win.

When Pandora, Facebook, Netflix, and others recently asked users to reset passwords, a ripple effect began. That’s because they did so even though their own accounts weren’t breached – signaling a more proactive approach to security. It may be a small step for each of these businesses, but it’s a giant leap for consumer safety.

In the case of Pandora, the story started when the music-streaming company discovered 117 million LinkedIn credentials leaked. They didn’t simply sit back and bask in the relief that it didn’t happen to them. Instead, they began to dig through the data dump to find exposed individuals who were also Pandora customers. Their reasoning was wise: people often use the same password across multiple services. Cybercriminals could simply enter those LinkedIn email and password combinations into Pandora. The quick-thinking security approach? Ask users to change their passwords.

Of course, Pandora isn’t the only company that’s forward-thinking with user safety. Facebook and Netflix also asked users to change passwords in light of recent data dumps from other services. Now, it’s clear companies have generally been more sensitive to cybersecurity concerns lately. Judging by all signs, this trend seems likely to continue. The wait-until-it-happens approach to user safety is, hopefully, nearing its end.

Everyone can enjoy this news. Businesses should be more proactive about user safety. In the case of data breaches, it’s great to hear companies are scanning leaked user details and cross-referencing them with their own databases. This proactivity is something to be praised among the security community. With time, tech companies can develop even more pre-emptive security protocols – keeping us increasingly safe in the future.

Of course, we can’t just rely on proactive companies to keep our accounts secure. There are security measures we, as individuals, can take as well, to stay protected.

  • Use unique passwords, and change them regularly. Create distinct passwords for each account. It’s the best way to prevent criminals from using leaked data to crack into your other accounts. Have a hard time managing all of your unique logins? . Remember, password management solutions like True Key can do wonders.
  • Double check to see if update requests are authentic. Be careful when asked to provide sensitive information, or change passwords, from seemingly official sources. It’s a common cybercriminal tactic to send phishing emails to users, masquerading as a legitimate company. Try to spot out any misspellings in the URL and sender’s email address, to catch a phony alert.
  • Keep an eye out for data breaches. Stay on top of security news. That way, you’ll know if there’s a possibility your data is in criminals’ hands. Some companies have proactive warning systems in place, but not all do. By having information on when leaks happen, you can take prompt action to protect potentially affected accounts.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.



About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

  1. Pick something from your past that no one else can know and add some numbers, not your birthday, and the special characters above the numbers to it. You will be glad you did. Keep two email accounts in case one gets breached and don't use the same password for both. Keep them both active, one for social and one for business. Vary the password when you change them to a rotating items from your past, again that only you would know, or is something so obscure that no one remembers it. If one gets compromised, shut it down and create another.

Subscribe to McAfee Securing Tomorrow Blogs