Mozilla teams up with Have I Been Pwned on a data breach notification feature forย Firefox
Mozilla has collaborated with the website โHave I Been Pwnedย (HIBP)โ to notify its Firefox browser users when they visit a website that has been data breached in the past.
For those unaware, HIPBย is a popular data breach notification website that allows people to check if their login credentials such as email ID or passwords have been leaked by hackers.
Similar to โthis site may be hackedโ warning that Google search shows for a compromised website, the new feature dubbed ‘Breach Alerts’ for Firefox will pop up notifications if a user’s credentials have been involved in a recent data breach.
โThis is an addon that Iโm going to be using for prototyping an upcoming feature in Firefox that notifies users when their credentials have possibly been involved in a data breach,โ Mozilla developerย Nihanth Subramanyaย wroteย in his GitHub repository.
โI chose to make it a legacy addon to make it easy to port into Mozilla-central in the future โ it will likely involve window manipulation code.โ
Speaking to The Register, Subramanyaย said, โThe feature will help expose documentation/educational information about data breaches in the Firefox UI – for example, a โLearn moreโ link in the notification mentioned above leading to a support page.โ
It will โoffer a way for interested users to learn about and opt into a service that notifies them (e.g. via email) when they may be affected by breaches in the future.โ
Troy Hunt, the security expert behind HIBP,ย told Engadget that they were still working on how the implementation will play out. “Firefox is just looking at which sites have been breached and we’re discussing other ways of using the data in the future. They’ve got a broad reach and surfacing this info via Firefox is a great way to get more exposure around data breaches,” Hunt said.
“Iโve been working with Mozilla on this,” Hunt told Bleeping Computer. “Weโre looking at a few different models for how this might work, the main takeaway at present is that thereโs an intent to surface data about oneโs exposure directly within the browser,” he added.
The new feature is available as an add-on code on GitHub, whichย can be compiled by anyone and imported into Firefox. Currently, only Firefox Developer Edition is supported.