Skip to main content

Firefox’s new Monitor service will let you know if you’ve been hacked

Image used with permission by copyright holder

As part of its efforts to make Firefox users feel more secure while browsing the web, Mozilla is launching Firefox Monitor to let users know if they’ve been hacked. By integrating Firefox Monitor with web service Have I Been Pwned (HIBP), users of Mozilla’s browser can quickly check to see if they’ve been hacked by entering their email address. Mozilla is trialing the Firefox Monitor service right now and will invite 250,000 of the more than 500 million Firefox users to help test the service next week. After the testing period, Mozilla expects the service to roll out to all Firefox users.

“We decided to address a growing need for account security by developing Firefox Monitor, a proposed security tool that is designed for everyone, but offers additional features for Firefox users,” Mozilla wrote in a blog post detailing the service. “Visitors to the Firefox Monitor website will be able to check (by entering an email address) to see if their accounts were included in known data breaches, with details on sites and other sources of breaches and the types of personal data exposed in each breach.”

Recommended Videos

The service monitors the web to see if your email is part of a data dump, and if it is, Firefox Monitor will send an alert to your inbox. To keep your email address secure when you’re checking Firefox Monitor to see if you’re a victim of a data breach, Mozilla claims that your information is anonymized and that the service never sends your full email address to a third party outside of Mozilla. Email lookups are performed using hashing prefixes to keep your information secure.

Please enable Javascript to view this content

“When searching HIBP for a password, the client SHA-1 hashes it then takes the first five characters and sends this to the API,” HIBP creator and security researcher Troy Hunt wrote on his blog. “In response, a collection of hashes is returned that match that prefix (477 on average). By looking at the hash prefix sent to the service, I have no idea what the password is. It could be any one of those 477 or it could be something totally different, I don’t know. Of course, I could always speculate based on the prevalence of each password but it would never be anything more than that — speculation.”

In addition to alerting users if their data is breached, Mozilla said that it is also evaluating a service to notify you if your personal data was also compromised. Part of Mozilla’s security strategy is to integrate HIBP’s service with Firefox Lockbox, a password manager that automatically fills in usernames and passwords for websites that you visit on Firefox. In the future, Firefox Monitor will be able to verify your stored Lockbox logins against the HIBP database to give you a more detailed look at what services, passwords, usernames, and accounts may have been compromised in a data breach or attack.

Mozilla advises users to download the latest Firefox Quantum browser to prepare for the launch of Firefox Monitor.

In addition to partnering with Mozilla for Firefox Monitor, Hunt is also working with password manager 1Password to allow HIBP lookups from directly within 1Password’s Watchtower feature.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
ChatGPT just got a bump to its coding powers
ChatGPT collaborating with Notion

For its penultimate 12 Days of OpenAI announcement, the company revealed a trio of updates to ChatGPT's app integration on Thursday, which should make using the AI in conjunction with other programs on your desktop less of a chore.

OpenAI unveiled ChatGPT's ability to collaborate with select developer-focused macOS apps, specifically VS Code, Xcode, TextEdit, Terminal, and iTerm2, back in November. Rather than needing to copy and paste code into ChatGPT, this feature allows the chatbot to pull specified content from the coding app as you enter your text prompt. ChatGPT, however, cannot generate code directly into the app, as Cursor or GitHub Copilot are able to.

Read more
Here’s why some PC gamers shouldn’t install the latest Windows 11 update
Overwatch 2 running on the LG OLED 27 gaming monitor.

The latest Windows 11 update, codenamed 24H2, has been a troubled rollout for Microsoft, but one thing's been clear from the beginning: PC gamers should wait to install it. Let's add another issue to the list, shall we?

As spotted by Windows Latest, Microsoft has confirmed in an update to its Windows 11 24H2 problems page, that Windows 11 24H2 is causing issues with its Auto HDR feature. The result of the bug is that incorrect colors are being displayed or, even worse, are breaking games entirely and causing them to not be responsive.

Read more
Someone just got the Intel B570 GPU a month in advance — and it works
ASRock's Arc B570 Challenger GPU.

Although Intel's Arc B580 is already here, the B570 is only set to launch on January 16. However, a German retailer listed the card well ahead of time and, surprisingly, one B570 actually shipped to a customer. The B580 is one of the best graphics cards for budget-conscious gamers, but how will the B570 compare?

Early listings and preorders happen shockingly often. For example, yesterday we found an RTX 5090 PC priced at well over $6,000. However, those listings often don't amount to much, and the items don't ship until their designated release dates -- but not this time.

Read more