Mozilla’s new Firefox Monitor is a quick way to check if your email address has been compromised (Pwned) or used for spamming.
Mozilla partnered with well-known security expert Troy Hunt, who maintains the HIBP (Have I Been Pwned) database of over 5 billion compromised accounts and about 3.1 billion unique email addresses. The list of hacked databases is huge and growing.
Hunt said, “Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Firefox has an install base of hundreds of millions of people which significantly expands our audience reach.”
Firefox Monitor allows people to check their email addresses. They can sign up for alerts if their address is added to the HIBP database. While it was developed by Mozilla for Firefox, any browser can access and use the page.
Here is a sample breach report of one of my personal emails.
It is safe to use – your details never leave Firefox
Mozilla works closely with HIBP and Cloudflare to create a method of anonymised data sharing for Firefox Monitor, which never sends your full email address to a third party outside of Mozilla.
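How a breach lookup can avoid sending the full address, as an added example that is not Mozilla's or HIBP's code: the client hashes the address, sends only a short prefix of the hash, and matches the returned candidates locally. SHA-1, the 6-character prefix, and all function names and breach data below are assumptions or constructed for illustration; the page does not state them.

```python
import hashlib

PREFIX_LEN = 6  # assumption: number of hex characters of the hash that leave the client


def email_hash(email: str) -> str:
    """Hash the normalised address (assumed scheme: SHA-1, upper-case hex)."""
    normalised = email.strip().lower().encode("utf-8")
    return hashlib.sha1(normalised).hexdigest().upper()


def build_index(breaches: dict) -> dict:
    """Lookup-service side: bucket hash suffixes by their prefix."""
    index = {}
    for email, names in breaches.items():
        h = email_hash(email)
        index.setdefault(h[:PREFIX_LEN], {})[h[PREFIX_LEN:]] = list(names)
    return index


def range_query(index: dict, prefix: str) -> dict:
    """Lookup-service side: sees only the prefix, returns the whole bucket."""
    return index.get(prefix, {})


def check_email(email: str, index: dict, sent_log: list) -> list:
    """Client side: send the prefix, compare the suffix locally."""
    h = email_hash(email)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    sent_log.append(prefix)  # record exactly what left the client
    bucket = range_query(index, prefix)
    return bucket.get(suffix, [])


# Constructed sample data, not real breach records.
CONSTRUCTED_BREACHES = {
    "alice@example.com": ["ExampleForum"],
    "bob@example.org": ["ExampleShop", "ExampleForum"],
}
INDEX = build_index(CONSTRUCTED_BREACHES)

if __name__ == "__main__":
    sent = []
    print(check_email("Alice@Example.com ", INDEX, sent))  # breached
    print(check_email("carol@example.net", INDEX, sent))   # not in the data
    print("sent to lookup service:", sent)
```

The prefix still discloses part of the hash, so the privacy of this kind of scheme depends on many different addresses sharing each prefix bucket.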
GadgetGuy’s take. It is a shock to find you have been Pwned
Well, my personal email address, in use since 1992, has been Pwned in two breaches. That explains the recent Bitcoin extortion emails I have been getting, purportedly from me!
I’m a member of an international hacker group.
As you could probably have guessed, your account [email protected] was hacked, I sent
Now I have access to you accounts! You still do not believe it?
So, this is your password: XXXXXXXXX, right?
The password was one that I did use some time ago – it is long gone. The email contains generic socially engineered information to make it appear they know more about me. More fool them – I don’t have a Facebook account, pets, children and
You can read more about this extortion in an article by Gadgeteer Thomas Bartlett here.
Anyway, check your email address by clicking here. If it is on the list, it's time to change all passwords and never, never, never reuse the same password on accounts that could be used for payments, e.g. banking, government, online shopping, etc.