Mozilla to trial HaveIBeenPwned Firefox Monitor data breach search tool

Firefox Monitor
Firefox Monitor


Firefox-maker Mozilla has announced Firefox Monitor, a website that will let users enter an email address to check if an account has been exposed in a data breach. 

Mozilla is teaming up with Australian security researcher Troy Hunt's HaveIBeenPwned website for Firefox Monitor, which will let users type in an email address to check whether it and other personal information are in Hunt's database of known data breaches. 

The site will detail what types of personal data were exposed in a breach and provide recommendations for how to respond to it and how to secure all accounts.

To ensure that Mozilla doesn't share full email addresses with HaveIBeenPwned, the service will hash the email address and only send the first 6 characters to the HaveIBeenPwned application programming interface. It then checks whether the hash of the email address matches any of the 3.1 billion email address hashes on HaveIBeenPwned. 

Next week Mozilla will begin testing Firefox Monitor with about 250,000 mostly US users and at some point in the future will roll the service out to all Firefox users. It hasn't revealed a release schedule yet.

In the meantime, curious users can check out Mozilla's working demo of Firefox Monitor via its GitHub page for a breach alert service mooted last year. 

The demo app offers six pieces of password security advice, including to use a different password for every account, use long and complex passwords, and to make answers to security questions long and random just like passwords. It also urges people use a password manager and two factor authentication, and finally to sign up to Firefox Monitor alerts.  

While Firefox Monitor is a standalone site that anyone can use, Mozilla said there will be additional features for Firefox users.  

There's some functional overlap with Hunt's own website however he believes the  Firefox integration will be a major win because it extends his site to hundreds of millions of Firefox users. 

Mozilla said it is "considering" a type of breach alert service that tells people when their data is in a new breach. This would be more advanced than the breach alerts feature mooted last year that would have told users if the site their visiting had been breached in the past. 

Extending a new breach notification feature through Firefox would give a boost to Hunt's own notification service which currently reaches 0.06 percent of the 3.1 billion unique email addresses in HaveIBeenPwned. 

Hunt said he is working on a feature that will allow his website to use the partial hash shared by Firefox Monitor in order to tell Firefox when that email hash has been loaded into the site.

A similar feature is also coming to the password manager 1Password that also lets users check if an account was affected by a data breach. 


Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags data breachFirefoxmozillapasswordHaveIBeenPwned

More about Mozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts