Mozilla to embed Have I Been Pwned in new security system

The tool will use Troy Hunt's system to detect accounts embroiled in known data breaches

Mozilla has just unveiled an exciting new upgrade set to debut in future versions of Firefox: a security tool driven by Troy Hunt's "Have I Been Pwned" (HIBP) database.

The overhaul is not unprecedented - back in November 2017, the company announced it would inform users when their accounts had been breached by using the accessible breach API on HIPB. However, this meant users were only notified as and when they visited a breached site. Until now. Mozilla's new system will fully integrate Hunt's lauded HIBP tool into an entirely new site, the ominously named but well-intentioned Firefox Monitor.

The new secondary website will permit users to enter an email address into the database, in order to glean not just whether or not their account was part of a data breach, but if so, to what extent. What's more, users will be offered tailored security recommendations in order to help them shore up their account security.

As a cautionary measure, the tool is being extended to around 250,000 primarily US users, although will no doubt face expansion if well-received. It's a work-in-progress as of yet, and Mozilla is collaborating with HIBP and Cloudflare in order to conceive a method of anonymous data sharing in a bid to ensure ethical data handling and respect of users' privacy.

For his part, Hunt seems enthusiastic. In a blog post entitled "We're Baking Have I Been Pwned into Firefox and IPassword", he said: "This is major because Firefox has an install base of hundreds of millions of people which significantly expands the audience that can be reached once this feature rolls out to the mainstream."

Meanwhile, Mozilla stressed the necessity of such a tool: "From shopping to social media, the average online user will have hundreds of accounts requiring passwords," company spokesperson Peter Dolanjski asserted in a blog post. "At the same time, the number of user data breaches occurring each year continues to rise dramatically [...] We decided to address a growing need for account security by developing Firefox Monitor."

Worried about your increasingly unwieldy portfolio of online accounts? You're certainly not alone. If you can't wait to find out if your passwords are safe, you could just visit the site without Firefox, of course.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021