Mozilla: Firefox will start alerting you to recently breached sites

Mozilla brings Firefox Monitor to Firefox on the desktop.
Written by Liam Tung, Contributing Writer

Firefox-maker Mozilla is integrating its recently launched data-breach alert service into Firefox on the desktop.

In September, Mozilla launched Firefox Monitor, which allows users to type in an email address and find out if their details are involved in any of the breaches cataloged on Australian security expert Troy Hunt's website, Have I Been Pwned (HIBP).

Users can also sign up to Firefox Monitor to receive an email alert the next time their credentials are included in a breach added to HIBP.

There were some questions about how useful Firefox Monitor is, given it doesn't do much more than Hunt's own website. Have I Been Pwned visitors can also sign up to be notified if they're affected by future breaches.

But Firefox Monitor is about to get much wider exposure by way of new data-breach notifications that will appear within the Firefox desktop browser. The feature is rolling out over the next few weeks.

The notifications will appear when Firefox users visit a site that has been breached in the past. The notification prompts the user to 'Check Firefox Monitor' website to see whether or not they've been affected by that data breach.

According to Mozilla, the browser alert will appear "at most once per site and only for data breaches reported in the previous 12 months".

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

Mozilla's new Firefox Monitor policy is built around two conditions, which are designed to encourage users to address password risks without creating alert fatigue.

If the user has never seen an alert in Firefox before, the browser will only display an alert on sites that have been added to Have I Been Pwned in the past 12 months.

Once the user has seen one alert, Firefox will only show an alert for sites added to Have I Been Pwned in the past two months.

"We believe this 12-month and two-month policy are reasonable timeframes to alert users to both the password-reuse and unchanged-password risks. A longer alert timeframe would help us ensure we make even more users aware of the password-reuse risk," explained Mozilla privacy engineer Luke Crouch.

"However, we don't want to alarm users or to create noise by triggering alerts for sites that have long since taken significant steps to protect their users. That noise could decrease the value and usability of an important security feature."


Mozilla shows what alerts in Firefox on recently breached sites look like.

Image: Mozilla

Previous and related coverage

Mozilla to test taking Have I Been Pwned to the people

New site Firefox Monitor to act as a passthrough to service operated by security researcher Troy Hunt.

Firefox Monitor shows if your personal information was lost in a hack CNET

Mozilla's service can help you decide which passwords need changing.

Chrome, Firefox CSS3 flaw may have let attackers grab Facebook user data

Researchers reveal a tricky technique that uses a CSS3 feature to let attackers recover Facebook user data.

Tor Browser gets a redesign, switches to new Firefox Quantum engine

Tor Browser finally updated to use new-and-improved Firefox Quantum codebase. This includes new Photon UI.

How to install and use the Avast Online Security extension in Firefox TechRepublic

If you use the Firefox browser, you might want to include a handy extension from Avast that helps protect you from phishing and malware sites.

Editorial standards