When a major data breach happens it's expected that you might get a password reset warning from the company or service involved - but there's a good chance you're also going to get a similar message from other online platforms that weren't directly affected, even months or years down the line.
Why? As KrebsOnSecurity reports, services like Netflix and Facebook often analyse data leaks from other sites to check for passwords that are being used in several different places. It's something a lot of us tend to do - even if it's very unsafe habit to get into.
Data from hacks isn't always released immediately, which is why these reset requests can sometimes appear out of the blue even when there aren't any big leaks in the headlines.
Netflix, for example, has been sending out password reset requests this week in the wake of past breaches at LinkedIn, Tumblr and MySpace.
Once more unto the data breach
"Netflix's forensics team has been using a tool that the company released in 2014 called Scumblr, which scours high-profile sites for specific terms and data," writes security expert Brian Krebs on his site. Facebook has similar tools in operation, he says.
A message in your inbox doesn't mean your Netflix or Facebook passwords have been hacked or exposed - both companies use secure, encrypted programs to compare your details with the leaks - but it's likely that you've been using the same password across multiple sites. It's bad practice but even Mark Zuckerberg does it.
It's in your best interests to use different passwords on different apps and sites, even if you only change a few numbers or letters each time.
- Our guide to the best antivirus package
Is TouchID as secure as we think it is?