Firefox to warn users when visiting breached websites

The Firefox web browser is looking to alert visitors whenever they visit a website that is known to have suffered a data breach.

While the ‘Breach Alerts’ feature will issue a warning about a website, it won’t actually prevent users from visiting it.

“This is an extension that I’m going to be using as a vehicle for prototyping basic UI and interaction flow for an upcoming feature in Firefox that notifies users when their credentials have possibly been leaked or stolen in a data breach,” according to Nihanth Subramanya, a developer with Mozilla, the browser’s makers, writing on his GitHub repository.

The in-browser warnings, which are currently being piloted, will rely on data provided by Have I Been Pwned? (HIBP), a website that tracks data breaches and tells users if their personal details have been exposed.

Security researcher Troy Hunt, the brains behind HIBP, confirmed the reports. “Firefox is just looking at which sites have been breached and we’re discussing other ways of using the data in the future,” he is quoted as saying by Engadget. “They’ve got a broad reach and surfacing this info via Firefox is a great way to get more exposure around data breaches.”


Image source: Twitter

Users of Firefox’s Developer Edition who are intent on taking the feature for a test drive can download it from GitHub, then compile and import to Firefox.

The extension includes an input field where users can subscribe to email notifications alerting them when they may be affected by a future breach. Subramanya admitted, however, that this functionality raises some privacy concerns, “since users would need to supply an email address to receive notifications”.


Image Source: Bleeping Computer

There is no word yet on when the alerts will be baked into a standard Firefox release. Once the feature is rolled out en masse, however, it is poised to act as a constant reminder of hacks suffered by particular websites. Given their frequent occurrence, security breaches aren’t easy to keep track of, which is also where Firefox intends to come in.

In the latest in a long list of hacked websites, image-hosting website Imgur confirmed last week that the email addresses and passwords of 1.7 million user accounts had been stolen back in 2014.

Meanwhile, it has been an eventful few weeks for Firefox, which, per figures from October, commands a little over 6% of the browser market share globally. On November 14, Mozilla released an all-new Firefox version, aka Firefox 57 or Quantum, touting it as “by far the biggest update we’ve had since we launched Firefox 1.0 in 2004”.

Author , ESET

  • Fer O’Neil

    The third-to-last paragraph brings up a good point, regarding “alert fatigue”. Eventually, it’s foreseeable that every website you visit will have had a breach incident in the past. As we learned from the Google research at Usenix 2013 “Alice in Warningland”, when users are confronted with many security warnings/alerts, they tend to just ignore them/dismiss them without even reading them. Will FF’s new alerting dilute user’s attitudes toward data breach alerts?

Follow us

Copyright © 2018 ESET, All Rights Reserved.