Mozilla announced an enhancement to their Firefox Monitor service that warns users when they visit a site that has been previously breached.
The new feature now integrates with the user’s browsing experience via Firefox.
Users can use Firefox Monitor to search to see if their email account was involved in a data breach. The service was launched earlier this year. Mozilla said the list of breached sites has been provided by their partner, Have I Been Pwned (HIBP).
“Most people simply don’t know that a data breach has affected them. Which makes it difficult to take the first step to secure their online accounts because they don’t know they’re insecure in the first place,” Mozilla’s Luke Crouch said.
Mozilla also launched a 12-month and 2-month policy methodology in the initial phase of the rollout:
- If the user has never seen a breach alert before, Firefox shows an alert when they visit any breached site added to HIBP within the last 12 months.
- After the user has seen their first alert, Firefox only shows an alert when they visit a breached site added to HIBP within the last 2 months.
The timeframes are used to help alert users of the risks of not changing passwords or re-using the same passwords across multiple sites.
In the future, Mozilla intends to work with users and various partners to help develop a “more sophisticated alert policy” to warn users of user risks and needed website mitigations.