X

Mozilla's Firefox Monitor aims to keep your accounts safe

The tool will check your email address against a huge database of known data breaches.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read
Stephen Shankland/CNET

More than 2 million people subscribe to a free service that tells them when one of their accounts is caught up in a data breach. But to Troy Hunt, creator of the Have I Been Pwned database, that's not enough.

That's why, he said in a blog post Monday, he's helping Mozilla put his service in front of even more internet users with its new Firefox Monitor website. Users can enter their account information in the Firefox Monitor website and find out if their username and password has been compromised in a hack or leak.

"This is major because Firefox has an install base of hundreds of millions of people," Hunt said in his blog post, "which significantly expands the audience that can be reached once this feature rolls out to the mainstream."

Mozilla is still testing the feature, and will start inviting some users to try it next week. The company joins other security-minded firms, including account-security companies 1Password and Okta, that are using the Have I Been Pwned database in services that keep internet users safer. The partnerships represent an effort to get the most benefit out of Hunt's hoard of billions of leaked usernames and passwords for everyday internet users. For Mozilla, it's also part of an effort to revamp its Firefox browser with features that protect users from bad actors on the internet.

"We decided to address a growing need for account security by developing Firefox Monitor," Mozilla product manager Peter Dolanjski wrote in a blog post announcing the new feature, who added that the website is "a proposed security tool that is designed for everyone, but offers additional features for Firefox users."

A screenshot of the Firefox Monitor homepage

A mock-up of the Firefox Monitor page, which will let users check their account credentials to see if they've been caught up in a data breach.

Mozilla

Mozilla will invite about 250,000 users to try the service next week. For now, users will be able to enter their email address to learn if their accounts have been compromised. Mozilla is also considering sending notifications about new data breaches to users who register with the service in the future, Dolanjski wrote.

Hunt announced in March he would partner with password manager 1Password, and in his blog post Monday said users can now search Have I Been Pwned directly from the 1Password's Watchtower feature when logged into the password manager on a web browser. What's more, cybersecurity company Okta announced in May it would tap into the Have I Been Pwned Database to tell web users when their passwords are not secure.

For companies like Mozilla, 1Password and Okta to safely compare your data to the information stored in Hunt's database, some technical wizardry is required. So experts have developed systems for querying the database without sending your username or password back and forth in a way that hackers could easily intercept and read.

For Okta, that meant hashing passwords into a random string of characters that is designed to be difficult to turn back into a readable password. Mozilla released details Monday on how it will use hashing to secure user information in Firefox Monitor.

"This new Firefox feature allows users to check for compromised online accounts while preserving their privacy," wrote Luke Crouch, a privacy and security engineer at Mozilla.

Solving for XX: The tech industry seeks to overcome outdated ideas about "women in tech."

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.