Data breaches have become way too common, and we are not just talking about personal accounts being compromised through phishing attacks, malware, and the like. Companies with an online presence (so pretty much every company in the world) are targets, and since many sites require that you register with an email account, there's a good chance your information has fallen into the wrong hands. As an added security precaution, Mozilla plans to test a new Firefox Monitor security feature using data from the 'Have I Been Pwned' (HIPB) website.
Created by Troy Hunt, HIPB is a website where you can input your email address to have it crosschecked with a database of security breaches. It then tells you exactly which ones. For example, one of the email addresses I inputted showed it was "Pwned on 15 breached sites," and also "found 4 pastes," including an Adobe breach in 2013, a Dropbox breach in 2012, a Kickstarter breach in 2014, and several others.
"Through our partnership, Firefox is able to check your email address against the HIBP database in a private-by-design way," Mozilla explains in a blog post.
The Firefox Monitor website is basically another front end for HIPB. Visitors to the Firefox Monitor can enter in their email address to see if their accounts have been compromised, with details on sites and other sources of breaches, and the types of personal data exposed in each breach. It will also offer recommendations on what to do and how to help secure all accounts. Mozilla insists all this is private, as well.
"It is important that we not violate our users’ privacy expectations with respect to the handling of their email address. As such, we’ve worked closely with HIBP and Cloudflare to create a method of anonymized data sharing for Firefox Monitor, which never sends your full email address to a third party, outside of Mozilla," Mozilla added.
Starting next week, Mozilla will send out invitations to around 250,000 users, mainly in the US, to test the new Firefox Monitor feature.