Firefox Breach Alerts warn about hacked websites

Mozilla has always tried to find different ways to keep Firefox users safer when browsing the Internet. Over the years it has gotten progressively better at accomplishing this goal, but there is always room for improvement. Recently, Mozilla announced Firefox Breach Alerts, a new security measure that more or less turns an optional function into a permanent one.

Firefox Breach Alerts, currently an early development add-on, warns users when they have visited a known hacked website. As reported by Catalin Cimpanu of Bleeping Computer, the add-on, whose code is available on GitHub and is currently compatible only with Firefox Developer Edition, is being integrated as a permanent feature to Firefox in the near future.

Breach Alerts utilizes data compiled by Australian cybersecurity expert Troy Hunt’s website Have I Been Pwned. According to the Bleeping Computer report, Troy Hunt has confirmed that he is working with Mozilla to round out Breach Alerts’ early-status rough edges. In an interview with Cimpanu, Hunt stated the following:

I’ve been working with Mozilla on this... we’re looking at a few different models for how this might work, the main takeaway at present is that there’s an intent to surface data about one’s exposure directly within the browser.

As Cimpanu emphasizes, it is not enough to point out that a user is visiting a hacked website. Instead, he suggests that “Mozilla needs to pay close attention to the language and manner it shows these notifications to users.” By this he means that the company must definitively tell users to change credentials in case of coming into contact with compromised web pages.

The hope is that users will be able to see, with the assistance of Breach Alerts, not only that they are in danger, but also see what accounts of theirs have been put at risk or breached. This add-on’s development will be monitored and reported on as new data comes out about it.

Photo credit: Mozilla

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

How to repair PST files and import data back to Outlook or Office 365

If your business relies on Outlook, you can’t risk losing mailbox data because of PST files corruption. Here’s how to…

2 days ago

Container security rises to meet the challenges of container vulnerabilities

As container technology becomes ubiquitous, container security has become crucial. Here’s a look at some recent innovations in this growing…

2 days ago

Best of CES 2020: Products, innovations, and services

From flying Ubers to rolling robots, CES 2020 had it all — and then some. Here’s a look at some…

3 days ago

Hardening your technology infrastructure in preparation for a DDoS attack

By establishing these 11 appropriate controls beforehand, your organization will be better positioned to withstand and survive a DDoS attack.

3 days ago

Microsoft App-V as an application virtualization solution: Pros & cons

If your shop is considering using App-V as an application virtualization solution, read this article first and weigh the pros…

3 days ago

Ransomware threats: Cybercriminals take their wares to the next level

As companies and individuals harden their defenses against ransomware, hackers are creating new and more virulent ransomware threats.

4 days ago