Firefox to Get New Security Tool With 'Have I Been Pwned' Email Database Integration

Mozilla has announced a new security tool for users of its Firefox web browser. Called Firefox Monitor, the website lets visitors check if their accounts have been included in known data breaches and the types of data exposed in each breach.

The security tool is the result of a partnership between Mozilla and HaveIBeenPwned.com (HIBP), a site set up by security researcher Troy Hunt that includes a database of email addresses that are known to have been compromised in data breaches.

Thanks to the partnership, Firefox is able to check email addresses against the HIBP database via a method of anonymized data sharing (full details can be found in Troy Hunt's blog post). The new tool builds on Firefox's existing HIBP integration, which tells users if a site they are visiting was previously exposed in a data breach.


In February, password management app 1Password announced its own partnership with HIBP, which lets users check that their passwords haven't been leaked online. Since that time, developers AgileBits have built the Pwned Passwords database list into its 1Password desktop apps. As of today, users can also search HIBP from directly within 1Password via the Watchtower feature in the web version of the product.

Mozilla says it will begin trialling the new integration between HIBP and Firefox to make breach data searchable over the coming weeks.

Firefox Quantum is available for macOS as a free download directly from the Mozilla website.



Top Rated Comments

(View all)
Avatar
11 months ago

If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.


No it can't,..I don't know where you are making up this information from, but it's wrong.
Rating: 4 Votes
Avatar
11 months ago

I used to like the old pre-Firefox, “Mozilla” browser. Remember that?

I'm fine with speed improvements in FF58+ I

If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.

I recommend you to read something about hashes.
Rating: 4 Votes
Avatar
11 months ago

I'm assuming you can opt out of this "feature" where they send your email to this third party?

Did you read the full article? It says Mozilla uses “anonymized data sharing” so your email address won’t be revealed to third parties!
Rating: 1 Votes
Avatar
11 months ago

If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.


That is impossible
Rating: 1 Votes
Avatar
11 months ago
Your e-mail could be brute-forced from the hash -- but it cannot be reversed.

Eg, the service could say "I have a hash abf112bacd3489... is this hash equal to a@gmail.com? No? How about b@gmail.com? No?"

However, nobody... NOBODY is going to take the time to brute-force each individual email/hash. It would take way too much time and effort.
Rating: 1 Votes
Avatar
11 months ago

If they are creating a hash of my email it can be reversed engineered back to my email. No thanks.

Firefox will not only hash your email with SHA-1, it will send only the first 6 characters of that hash to HIBP. That amount of data is useless to try to recreate your email.
Rating: 1 Votes
Avatar
11 months ago
I'm assuming you can opt out of this "feature" where they send your email to this third party?
Rating: 1 Votes
[ Read All Comments ]