Watch out hacked companies, Firefox is going to tell the world about your data leaks
Firefox, the internet browser developed and maintained by Mozilla, will soon have the ability to warn internet users if the website they are viewing has been hacked in the past.
Currently in the prototype phase – as detailed on the code repository GitHub – an engineer said it will tell users when “their credentials have possibly been involved in a data breach”.
In its current build the add-on is “limited to showing a notification bar when you visit a site known by haveibeenpwned.com to have been breached,” Mozilla’s Nihanth Subramanya said.
HaveIBeenPwned is a data breach notification platform built and maintained by Australian cybersecurity researcher and speaker Troy Hunt.
The website lets internet users quickly check if their credentials appear in some of the biggest data breaches and has grown in recent years to hold 4.8 million credentials from 252 separate websites.
On Wednesday (22 November), Mozilla acknowledged development in an update, writing: “We’ve started working on integrating haveibeenpwned.com warnings into Firefox.”
“I’ve been working with Mozilla on this,” Hunt told Bleeping Computer, the technology and cybersecurity website that first reported news of the upcoming add-on.
“We’re looking at a few different models for how this might work, the main takeaway at present is that there’s an intent to surface data about one’s exposure directly within the browser.”
An image published by Bleeping Computer showed a FireFox banner pop-up warning a user that the website they were on – in this case LinkedIn – had previously been subject to a major data breach.
Reacting to the positive reaction to the news online, Hunt tweeted: “As many people have now worked out, yes, we’re doing some awesome things with @mozilla and @haveibeenpwned.”
He added: “Surprised at how much positive feedback this is garnering so quickly.”
It remains unknown if the experts behind rival browsers, be it Chrome or Safari, plan to introduce similar features to their products. But with the amount of breaches occurring in recent years, the move will likely be viewed as a step in the right direction for web users.
Whether the hacked companies agree, that is another matter altogether.