In October 2012, Dashlane partnered with Pwnedlist, the largest database of published online credentials, to enhance our Security Alerts feature. We’ve gotten some questions about how our Security Alerts work, so we think it’s worth clarifying our process.
When we launch a Security Alert, as we did yesterday for Netflix, it’s because login credentials were found online by Pwnedlist. In this case, they were in plain text (cringe). Pwnedlist reported on 3/16/2013, “A hacker known as Fugazi has published a list of account credentials that they claim belong to users of netflix.com. The data includes a list of passwords and emails. The passwords are in plaintext format.”
Our general rule is to push alerts for leaks that PwnedList (a very reputable source) considers verified. Since Dashlane makes it incredibly easy to change your passwords and even securely share that information – and Netflix accounts are often shared - we pushed an alert. The effort spent changing a password outweighs the damage cause by a leaked, or worse, a reused password. It’s what makes Dashlane a hackers worst nightmare.
Regarding Netflix, this leak was one among a couple that we received. We continue to strongly suggest that you update your Netflix password and any other accounts where it may have been used. Hackers love reused passwords. (They bank on them). And when it comes to your online security, safe is always better than sorry.