Today marks the official launch of Firefox Monitor, a web-based tool that tells you if your email address has been subject to an online data breach.
Mozilla first announced Firefox Monitor back in June, and in the intervening months the internet giant has been testing and refining various designs.
For the new security-focused tool, Mozilla partnered with Troy Hunt, the renowned security expert behind Have I Been Pwned? (HIBP), which is a database of data breaches that allows anyone to discover whether one of their online accounts has been compromised.
Firefox Monitor
The first iteration of Firefox Monitor is, for all intents and purposes, a clone of HIBP. After you enter your email address and hit the scan button, you’re told which online services have leaked your personal details (if any). You can also sign up to be notified of any future data breaches involving one or more of your email addresses.
June 5th: The AI Audit in NYC
Join us next week in NYC to engage with top executive leaders, delving into strategies for auditing AI models to ensure fairness, optimal performance, and ethical compliance across diverse organizations. Secure your attendance for this exclusive invite-only event.
It is also worth noting here that Firefox Monitor isn’t actually restricted to Firefox — it‘s a web page that can be accessed from any browser.
Above: Firefox Monitor
So what is the deal here — why bother launching a Firefox-branded version of an existing popular database? Well, there are a couple of likely reasons.
From HIBP’s perspective, having the weight of Mozilla behind it will significantly boost awareness of its database. HIBP currently has just over 2 million people signed up for breach alerts, which sounds like a lot until you learn that there are 3.1 billion unique email addresses in the HIBP database. This means less than 0.1 percent of breached email addresses are being monitored by their respective owners.
“Clearly, I’m barely scratching the surface,” Hunt said in a blog post announcing his partnership with Mozilla back in June. “Firefox has an install base of hundreds of millions of people, which significantly expands the audience that can be reached once this feature rolls out to the mainstream.”
Long term
From Mozilla’s perspective, bolstering its security credentials through tie-ups with well-respected platforms such as HIBP can only add to its reputation. However, as noted already, Firefox Monitor in its current guise isn’t much of an integration because it doesn’t really feed directly into the Firefox browser. Instead, it appears Firefox Monitor as it stands is essentially a minimal viable product (MVP) upon which deeper integrations can be created.
Last year, news emerged that Mozilla was working on a new Breach Alerts feature to inform Firefox users if a site they are visiting has previously been breached. This provides some indication of where Mozilla could be heading with Firefox Monitor — it really has to offer users contextual, real-time alerts.
Mozilla is already piloting a password management tool called Firefox Lockbox, which enables users to store and auto-complete usernames and passwords for websites they visit. Have I Been Pwned? already integrates with password manager 1Password, and it would make a great deal of sense to properly integrate Firefox applications such as Firefox Lockbox with the HIBP database so that users can be informed the moment an online data breach is detected.
“Expect to see Monitor growing and showing up in more places in the Firefox planetary system soon,” Mozilla’s Matt Grimes confirmed in a blog post.
Other similar breach-detection services are in operation today, evidencing the demand for such products. HackNotice launched a few months back on Android, iOS, and the web to help users receive alerts from hacks and data breaches involving their accounts.
It seems rarely a day goes by without another high-profile data breach hitting the headlines, so it’s important that the most popular channels through which we access the internet are working to thwart such attacks. That is why Mozilla’s push into data-breach alerts should be welcomed, even if the feature is still in a fairly early stage.
