Mozilla teams up with Have I Been Pwned on a data breach notification feature for Firefox
Mozilla has collaborated with the website “Have I Been Pwned (HIBP)” to notify its Firefox browser users when they visit a website that has been data breached in the past.
For those unaware, HIPB is a popular data breach notification website that allows people to check if their login credentials such as email ID or passwords have been leaked by hackers.
Similar to “this site may be hacked” warning that Google search shows for a compromised website, the new feature dubbed ‘Breach Alerts’ for Firefox will pop up notifications if a user’s credentials have been involved in a recent data breach.
“This is an addon that I’m going to be using for prototyping an upcoming feature in Firefox that notifies users when their credentials have possibly been involved in a data breach,” Mozilla developer Nihanth Subramanya wrote in his GitHub repository.
“I chose to make it a legacy addon to make it easy to port into Mozilla-central in the future – it will likely involve window manipulation code.”
Speaking to The Register, Subramanya said, “The feature will help expose documentation/educational information about data breaches in the Firefox UI – for example, a “Learn more” link in the notification mentioned above leading to a support page.”
It will “offer a way for interested users to learn about and opt into a service that notifies them (e.g. via email) when they may be affected by breaches in the future.”
Troy Hunt, the security expert behind HIBP, told Engadget that they were still working on how the implementation will play out. “Firefox is just looking at which sites have been breached and we’re discussing other ways of using the data in the future. They’ve got a broad reach and surfacing this info via Firefox is a great way to get more exposure around data breaches,” Hunt said.
“I’ve been working with Mozilla on this,” Hunt told Bleeping Computer. “We’re looking at a few different models for how this might work, the main takeaway at present is that there’s an intent to surface data about one’s exposure directly within the browser,” he added.
The new feature is available as an add-on code on GitHub, which can be compiled by anyone and imported into Firefox. Currently, only Firefox Developer Edition is supported.