Firefox’s new Monitor service will let you know if you’ve been hacked

firefox monitor have i been pwned integration homepage web

As part of its efforts to make Firefox users feel more secure while browsing the web, Mozilla is launching Firefox Monitor to let users know if they’ve been hacked. By integrating Firefox Monitor with web service Have I Been Pwned (HIBP), users of Mozilla’s browser can quickly check to see if they’ve been hacked by entering their email address. Mozilla is trialing the Firefox Monitor service right now and will invite 250,000 of the more than 500 million Firefox users to help test the service next week. After the testing period, Mozilla expects the service to roll out to all Firefox users.

“We decided to address a growing need for account security by developing Firefox Monitor, a proposed security tool that is designed for everyone, but offers additional features for Firefox users,” Mozilla wrote in a blog post detailing the service. “Visitors to the Firefox Monitor website will be able to check (by entering an email address) to see if their accounts were included in known data breaches, with details on sites and other sources of breaches and the types of personal data exposed in each breach.”

The service monitors the web to see if your email is part of a data dump, and if it is, Firefox Monitor will send an alert to your inbox. To keep your email address secure when you’re checking Firefox Monitor to see if you’re a victim of a data breach, Mozilla claims that your information is anonymized and that the service never sends your full email address to a third party outside of Mozilla. Email lookups are performed using hashing prefixes to keep your information secure.

“When searching HIBP for a password, the client SHA-1 hashes it then takes the first five characters and sends this to the API,” HIBP creator and security researcher Troy Hunt wrote on his blog. “In response, a collection of hashes is returned that match that prefix (477 on average). By looking at the hash prefix sent to the service, I have no idea what the password is. It could be any one of those 477 or it could be something totally different, I don’t know. Of course, I could always speculate based on the prevalence of each password but it would never be anything more than that — speculation.”

In addition to alerting users if their data is breached, Mozilla said that it is also evaluating a service to notify you if your personal data was also compromised. Part of Mozilla’s security strategy is to integrate HIBP’s service with Firefox Lockbox, a password manager that automatically fills in usernames and passwords for websites that you visit on Firefox. In the future, Firefox Monitor will be able to verify your stored Lockbox logins against the HIBP database to give you a more detailed look at what services, passwords, usernames, and accounts may have been compromised in a data breach or attack.

Mozilla advises users to download the latest Firefox Quantum browser to prepare for the launch of Firefox Monitor.

In addition to partnering with Mozilla for Firefox Monitor, Hunt is also working with password manager 1Password to allow HIBP lookups from directly within 1Password’s Watchtower feature.


Apple’s unsafe Mac App Store is simply inexcusable

Multiple reports have indicated top apps in the Mac App Store have been stealing sensitive data right. Not only did Apple fail to properly vet them, it ignored warnings from security researchers for weeks. Is a safe app store too much to…

Here's the Samsung Galaxy S9's new Android 9.0 Pie interface

The Samsung Galaxy S9 and Galaxy S9 Plus are here. The flagship devices boast some awesome new features and a powerful new processor. Here's everything you need to know about these Samsung phones.
Social Media

Facebook is paying cash rewards if you find vulnerabilities in third-party apps

As part of efforts to put the Cambridge Analytica scandal and related issues behind it, Facebook said this week it's expanding its bug bounty program to include third-party apps and websites that could potentially misuse its data.

You’ll lose your cloud saves if your Nintendo Switch Online subscription expires

You'll want to make sure you never let your Nintendo Switch Online subscription lapse if you make use of cloud save data. Failing to do so will result in your cloud saves being erased for good.

Winamp media player might be back from the dead, with Windows 10 support

Winamp might be back from the dead, and it's bringing support for Microsoft Windows 10 with the first new software release since its acquisition by Radionomy in 2014. Fans of the media player will also enjoy new features and bug fixes.

Photoshop isn't required to resize images. Here are 6 ways to do it in seconds

Resizing an image isn't the toughest thing in the world, even if it may seem like a hassle. Here's how to resize an image using six tools that allow you to make quick work of any photo, regardless of your operating system.
Product Review

Canon Pixma Pro-10 review

If you plan to put those digital high-resolution images you’ve shot with a DSLR onto paper, Canon’s Pixma Pro-10 will deliver gallery-quality prints. Just don’t expect it to be speedy.

Heavily overclocked RTX 2080 Ti steals every 3DMark record

Nvidia's RTX 2080 Ti is already the most powerful graphics card ever released, but with liquid nitrogen cooling overclocker Kingpin was able to push the card to new heights and break a bunch of records in the process.

Chromebook keyboard showcase may have leaked Pixelbook 2 images

As we approach Google's #madebygoogle event taking place in early October, new rumors and leaks for a possible Pixelbook 2 are appearing online. This latest one may show what the rumored Nocturne design will look like.
Virtual Reality

Walmart stocks its stores with VR training for its employees

Walmart will begin rolling out virtual reality training experiences to all of its stores this year with the power of Oculus Go. More than 6,300 stores will receive the new technology, helping the company train its employees.

Tap Strap wearable keyboard gains support for VR applications

TAP System's wearable keyboard gains support for virtual reality, now compatible with Windows Mixed Reality, Oculus Rift, and HTV headsets. Type and tap for up to eight hours in VR without needing to look at a physical keyboard.

Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

A 20-year-old security flaw in the design of the Wi-Fi standard and how computers communicate using the transmission control protocol could allow hackers to perform a web cache poisoning attack to steal your data and login information.

Walmart takes $380 off the MacBook Air for a limited time

Walmart is offering a steep discount on the MacBook Air. Though the $380 discount is lovely, this offer comes with an extra charger to sweeten the deal. If you're looking to pick up an Apple MacBook for less, now is an excellent time.

PDF to JPG conversion is quick and easy using these simple methods

Converting file formats can be an absolute pain, but it doesn't have to be. We've put together a comprehensive guide on how to convert a PDF to JPG, no matter which operating system you're running.