If you receive an email from Netflix or Facebook asking you to change your password because it matches a credential from an older security breach, you may want to heed its advice. Cyber-security expert Brian Krebs says some big companies, including the streaming service and the social network, tend to go through data from other websites' security breaches to look for log-ins that match their users'. They then force those users to change the passwords they reused to keep them safe. If you'll recall, hackers recently sold the millions of log-in combinations they stole from LinkedIn, Tumblr and MySpace a few years ago.
According to Krebs, Netflix has already begun sending out password resets after scouring the log-in credentials leaked online. The company apparently uses a tool it released in 2014 to comb through leaked log-ins -- so, yes, the email is legit and not an attempt to phish for your details. Of course, the best way to ensure you're safe is to use a unique password for every online account and to delete anything you don't use anymore.