Mozilla is joining hands with popular data breach notification website HaveIBeenPwned.com (HIBP) to send an in-browser alert to Firefox browser users if they are visiting a site that was previously hacked and whether their login credentials have been involved in a data breach.
“This is an addon that I’m going to be using for prototyping an upcoming feature in Firefox that notifies users when their credentials have possibly been involved in a data breach,” Mozilla developer Nihanth Subramanya wrote in his Github repository.
“I chose to make it a legacy addon to make it easy to port into Mozilla-central in the future – it will likely involve window manipulation code.”
While HaveIBeenPwned.com has already become a trendsetter, its implementation in Firefox browser will solve two of the biggest problems users face online, 1: Most users remain unaware that their accounts were compromised 2: Hotshot firms hide incidents involving data breaches and do not inform users. One recent example is Uber, who in 2016 suffered a massive data breach in which 73 million users were affected but rather than informing users; the company paid $100,000 to hackers and urged not to leak data online.
Another example is Yahoo who in October 2017 revealed to its users that back in 2013 unknown hackers stole 3 billion Yahoo accounts in one of the biggest data theft feats of that time. But with Firefox new breach alert feature affected firms will have no option but to alert its users or Firefox will do that for them by sending alerts whenever they visit a compromised site.
It is unclear exactly when the new feature will be out for users. However, Troy Hunt, founder of HaveIBeenPwned.com has confirmed working with Firefox on this feature.
As many people have now worked out, yes, we're doing some awesome things with @mozilla and @haveibeenpwned 😎 https://t.co/UFW0CNLGtk
— Troy Hunt (@troyhunt) November 22, 2017
It is indeed a great news for unsuspecting users who had their login credentials compromised due to third-party breach yet never got to know about it until stolen credentials were used for malicious purposes. As for websites, it is a bad news that might force them to spend more money and resources to implement proper security measures to avoid embarrassment.