Firefox will notify users who visit sites that suffered a data breach

Mozilla developer revealed the Firefox browser will soon include a new feature to notify users who visit sites that suffered a data breach

Firefox browser is going to introduce a new security feature to make the users’ experience online more secure, it will warn users if they visit websites that have experienced data breaches.

The news was revealed by the Mozilla developer Nihanth Subramany and it was confirmed by the presence of a recently-released GitHub repo titled “Breach Alerts Prototype.”

“This is an extension that I’m going to be using as a vehicle for prototyping basic UI and interaction flow for an upcoming feature in Firefox that notifies users when their credentials have possibly been leaked or stolen in a data breach.” states the description published on GitHub.

The developer has teamed with haveibeenpwned.com as data source related for data breaches.

The new feature is still not complete, the developer explained that in its current state it is in no way meant to represent actual production code, or how the feature will work or look like when it ships.

He also listed the following basic goals for the new security feature:

  1. Inform users about data breaches through the Firefox UI – for example, a notification when they visit a site (or maybe when they focus a form on a login page) known to have recently been breached.
  2. Expose documentation/educational information about data breaches in the Firefox UI – for example, a “Learn more” link in the notification mentioned above leading to a support page.
  3. Offer a way for interested users to learn about and opt into a service that notifies them (e.g. via email) when they may be affected by breaches in the future.

FireFox data breach notification service

The developer also approached privacy concerns since the users would need to supply an email address to receive security notifications.

“The third goal brings up some privacy concerns, since users would need to supply an email address to receive notifications. Who is the custodian of this data? Can we avoid sending user data to haveibeenpwned.com? Can we still offer useful functionality to users who opt out of subscribing their email address? While the project is still in infancy, the idea is to offer as much utility as possible while respecting the user’s privacy.” added the developer.

The notifications will also include old data breaches such as the ones suffered by Adobe.com or LinkedIn.com several years ago.


Pierluigi Paganini

(Security Affairs – FireFox browser, data breach)



The post Firefox will notify users who visit sites that suffered a data breach appeared first on Security Affairs.



Leave a Reply