Skip to main content

Firefox Monitor: Mozilla Tests Tool That Reveals if Hackers Have Your Email

Most people notice when their homes are broken into. How could you not? There's often some form of property damage, disheveled possessions, or, plainly, items missing. Knowing you've been digitally compromised, however, is much harder. That's why Mozilla partnered with Cloudflare and Have I Been Pwned? (HIBP) on a new Firefox Monitor security tool that promises to securely check to see if your accounts have been hacked.

HIBP already lets you enter your email address to see if it's present in databases publicly released by hackers. Firefox Monitor aims to make searching HIBP even more secure and to expand the service's audience to hundreds of millions of people.

Mozilla said Firefox Monitor was also designed to prevent third parties from learning your email address as you search, so no one will know you're afraid you've been attacked.

Mozilla said it plans to test Firefox Monitor with roughly 500,000 people, mostly in the U.S., to start and that this will be limited to the experimental Firefox Quantum browser. It will eventually expand to all Firefox users, presumably after Mozilla, HIBP and Cloudflare see how the first iteration of the tool works out. 

You can learn more about the technical details from blog posts by Mozilla and Cloudflare.

HIBP creator and operator Troy Hunt discussed the Mozilla partnership in a blog post of his own:

"I'm really happy to see Firefox integrating with HIBP in this fashion, not just to get it in front of as many people as possible, but because I have a great deal of respect for their contributions to the technology community. In particular, Mozilla was instrumental in the birth of Let's Encrypt, the free and open certificate authority that's massively increased the adoption of HTTPS on the web. Arguably, the work done by Mozilla's Josh Aas and Eric Rescorla (still the Mozilla CTO today) has been one of the greatest contributions to online privacy and security we've seen, and Mozilla remains a platinum sponsor to this day."

Hunt said that HIBP has also been integrated in the online version of 1Password, a password manager available on macOS, Windows and mobile devices. The utility has been included as part of 1Password's Watchtower feature, which aims to help the app's users figure out if their passwords are secure, and is likely to expand to the desktop versions of 1Password after the online implementation helps the developers work out the kinks.

The expansion of HIBP should make it easier than ever for people to find out if they've been affected by a data breach. Companies have gotten better about informing their users about breaches, but they aren't perfect, and giving people more ways to investigate their own security is always welcomed.

  • Urzu1000
    I would have appreciated some more technical details in this article. As is, what's written here says nothing except for "Firefox is incorporating HIBP and somehow Cloudflare is also there somewhere. And it's anonymous." which is cool, but I'd much rather read about what's written in their linked security blog post. https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/
    Reply