Firefox Breach Alerts warn about hacked websites

Mozilla has always tried to find different ways to keep Firefox users safer when browsing the Internet. Over the years it has gotten progressively better at accomplishing this goal, but there is always room for improvement. Recently, Mozilla announced Firefox Breach Alerts, a new security measure that more or less turns an optional function into a permanent one.

Firefox Breach Alerts, currently an early development add-on, warns users when they have visited a known hacked website. As reported by Catalin Cimpanu of Bleeping Computer, the add-on, whose code is available on GitHub and is currently compatible only with Firefox Developer Edition, is being integrated as a permanent feature to Firefox in the near future.

Breach Alerts utilizes data compiled by Australian cybersecurity expert Troy Hunt’s website Have I Been Pwned. According to the Bleeping Computer report, Troy Hunt has confirmed that he is working with Mozilla to round out Breach Alerts’ early-status rough edges. In an interview with Cimpanu, Hunt stated the following:

I’ve been working with Mozilla on this... we’re looking at a few different models for how this might work, the main takeaway at present is that there’s an intent to surface data about one’s exposure directly within the browser.

As Cimpanu emphasizes, it is not enough to point out that a user is visiting a hacked website. Instead, he suggests that “Mozilla needs to pay close attention to the language and manner it shows these notifications to users.” By this he means that the company must definitively tell users to change credentials in case of coming into contact with compromised web pages.

The hope is that users will be able to see, with the assistance of Breach Alerts, not only that they are in danger, but also see what accounts of theirs have been put at risk or breached. This add-on’s development will be monitored and reported on as new data comes out about it.

Photo credit: Mozilla

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

IFA 2019: All the top smartphone announcements and unveilings

IFA 2019, this year’s version of the annual consumer electronics trade show, did not disappoint. Is one of these smartphones…

1 hour ago

Outlook connectivity: Troubleshooting and solving common issues

IT professionals all dread getting this fevered message from employees and clients: “I’m having Outlook connectivity issues!” Here’s what you…

6 hours ago

Using tags with Azure runbook automation to control your costs

Here’s a script designed to start and stop virtual machines based on tags associated at the resource group level. It…

9 hours ago

Software-defined perimeter solutions: Why this is the future of security

Traditional VPNs are showing their age in the modern cloud-powered workplace. That’s why software-defined perimeter solutions are in your future.

3 days ago

Why you need to check your virtualization host’s NUMA configuration

Should you disallow NUMA spanning in your Hyper-V architecture? There are two sides to this story, and you’ll get both…

3 days ago

Getting started with Visual Studio Code and integrating with Azure DevOps

Coding may not be the No. 1 job duty for cloud admins, but it is often a part of the…

3 days ago