Firefox Alerts Users When Visiting Breached Sites

Mozilla has added a new feature to Firefox to alert users when they visit a website that has been part of a data breach in the past. 

Earlier this year, the Internet organization launched Firefox Monitor, a service to inform users if their accounts have been part of data breaches. Enjoying support for Cloudflare, the service uses data from Troy Hunt’s Have I Been Pwned (HIBP) website to keep track of compromised accounts.

The newly announced Firefox alert is the latest improvement Mozilla brings to Firefox Monitor and takes advantage of the very same HIBP data to warn users of breached websites. 

“To help users who might have otherwise missed breach news or email alerts, we are integrating alerts into Firefox that will notify users when they visit a site that has been breached in the past. This feature integrates notifications into the user’s browsing experience,” Mozilla’s Luke Crouch explains.

What users should keep in mind when receiving these alerts, however, is the fact that neither HIBP nor Mozilla know if they changed their passwords after a breach or if they reused the same passwords on another account. 

“So we do not know whether an individual user is still at risk, and cannot trigger user-specific alerts,” Crouch points out. 

Initially, Firefox will display the alert if the user has never seen such a warning before, but only for breached sites that have been added to HIBP within the last 12 months. After that, the alert will be displayed to the user if they visit a breached site that has been added to HIBP within the last 2 months.

The 12-month and 2-month policy, Mozilla believes, involves reasonable timeframes to inform users on password-reuse and unchanged-password risks. 

“A longer alert timeframe would help us ensure we make even more users aware of the password-reuse risk. However, we don’t want to alarm users or to create noise by triggering alerts for sites that have long since taken significant steps to protect their users. That noise could decrease the value and usability of an important security feature,” Crouch says. 

The initial approach is meant to bring attention, awareness, and information to users, as well as to begin receiving feedback from them. 

Moving forth, however, Mozilla plans on implementing a more sophisticated alert policy, and says it would work together with users, partners, and service operators for that. Such a policy would be based on “stronger signals of individual user risk, and website mitigations.”

Related: Credential Stuffing Attacks Are Reaching DDoS Proportions

Related: Firefox Notifies Users of Compromised Accounts