Firefox Monitor is a data breach notification service offered by Mozilla that warns you if your online accounts have been involved in a data leak. Using the Have I Been Pwned database, Firefox Monitor keeps track of known data breaches and notifies you if your online accounts are compromised, providing guidance on how to proactively protect yourself going forward.
Table of Contents
- 1 General questions about data breaches
- 1.1 What exactly is a data breach?
- 1.2 Why am I in this breach?
- 1.3 What information gets exposed in data breaches?
- 1.4 Do I need to be worried if my information gets exposed during a data breach?
- 1.5 Do I need to do anything if a breach happened years ago or in an old account?
- 1.6 I just found out I'm in a data breach. What do I do next?
- 1.7 Does my anti-virus software protect me from data breaches?
- 2 Questions about Firefox Monitor
- 2.1 Why did it take so long to notify me of this breach?
- 2.2 I don't recognize this company or website. Why am I receiving notifications about this breach?
- 2.3 How do I know these emails are from Firefox, not a hacker?
- 2.4 How does Firefox Monitor treat sensitive sites?
- 2.5 How does Firefox Monitor know I was involved in these breaches?
- 2.6 Does Firefox Monitor know my passwords?
- 2.7 How far back do data breaches in the Firefox Monitor database go?
- 2.8 Can I use Firefox Monitor on other browsers like Chrome or Safari?
- 2.9 How comprehensive is Firefox Monitor's breach database?
- 2.10 Do I need to create a Firefox account to get Firefox Monitor alerts?
- 2.11 How much does Firefox Monitor cost?
- 2.12 Will Firefox Monitor protect me from data breaches?
- 3 Related articles
General questions about data breaches
What exactly is a data breach?
A data breach happens when personal or private information gets exposed, stolen or copied without permission. These security incidents can result from cyber attacks on websites, apps or any database where people's personal information resides. A data breach can also happen accidentally, like if someone's login credentials get posted publicly.
Why am I in this breach?
Hackers often target massive companies with millions of users to get as much personal information and credentials as possible. These hackers look for a security weakness — the digital equivalent of leaving a door unlocked or window open. Once they find that one door or window, they steal or copy as much personal information as possible. We don't always know what they intend to do with the data, but they will try to find a way to profit from it. While the effects are not usually immediate, the long-term effects can be severe.
Data breaches often lead to digital identity theft. Once hackers access your personal information, such as emails and passwords, they might try to impersonate you, leading to financial and emotional stress.
What information gets exposed in data breaches?
Not all breaches expose the same information. It just depends on what hackers can access. Many data breaches expose email addresses and passwords. Others expose more sensitive information, such as credit card numbers, passport numbers and social security numbers.
Do I need to be worried if my information gets exposed during a data breach?
You should take steps to protect your personal information and accounts. If your password and email address get exposed, hackers can sell that information on the dark web to the highest bidder. Whoever buys that information can try to use it to gain access to your other online accounts. These cyber-criminals may try to steal your identity, make purchases or take out loans in your name.
Do I need to do anything if a breach happened years ago or in an old account?
You should still take steps to protect yourself. Sometimes it takes years for credentials exposed in a data breach to surface on the dark web. If you haven't changed your password on the affected account yet, do that immediately. If you use that password elsewhere, you should change those too. Otherwise, hackers can use your login details on other websites.
I just found out I'm in a data breach. What do I do next?
Hackers rely on people reusing passwords, so it's important to create strong, unique passwords for all your accounts. Keep your passwords in a safe place that only you have access to; this could be the same place where you store important documents or a password manager. Visit What to do after a data breach to learn more.
Does my anti-virus software protect me from data breaches?
Anti-virus software can't prevent data breaches from happening. It scans your computer for viruses and other malicious software but can't prevent anyone from gaining unauthorized access to your online accounts. Cybercriminals hack the websites themselves, not your computer. Anti-virus software cannot:
- Prevent someone from hacking into a website and stealing your login credentials.
- Prevent someone with your password from logging in to one of your accounts.
- Always detect scam or phishing emails that prompt you to enter your email address and password.
Questions about Firefox Monitor
Why did it take so long to notify me of this breach?
It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. We send notifications as soon as a breach is discovered, verified and added to our database.
I don't recognize this company or website. Why am I receiving notifications about this breach?
There are several reasons why you might not recognize the company or breach name:
- The site may have changed names or been sold to a new company.
- It could be an old account you forgot about.
- Someone may have created an account for you.
- The breach may be a combolist. A combolist is a collection of different data breaches. Hackers combined the passwords and email addresses from many data breaches into one single list.
- A data aggregator was breached. These companies collect your information from other sources. Data aggregators compile publicly available data and buy customer data from other companies. You may have an account with a company that sold your information to a data aggregator.
How do I know these emails are from Firefox, not a hacker?
Check the email address in the sender's field. Firefox Monitor emails will always come from email@example.com. Firefox will never ask you to enter your login credentials or password in an email. Most online services won't ask you to enter your login info directly from an email. If they do, you should instead go directly to their website to log in.
How does Firefox Monitor treat sensitive sites?
Email addresses involved in sensitive site breaches are not publicly searchable for privacy reasons. You must be logged in or subscribed to Firefox Monitor alerts. To find out if your info appears in a sensitive breach, you'll need to create an account through Firefox Monitor and verify your email.
How does Firefox Monitor know I was involved in these breaches?
Firefox Monitor gets its data breach information from a publicly searchable source, Have I Been Pwned. If you don't want your email address to show up in this database, visit the opt-out page.
Does Firefox Monitor know my passwords?
Firefox Monitor does not know your passwords. It keeps your data anonymous when it transfers breach data to you. Read more about our k-Anonymity technique.
How far back do data breaches in the Firefox Monitor database go?
Firefox Monitor searches for your email in publicly-available data breaches back to 2007.
Can I use Firefox Monitor on other browsers like Chrome or Safari?
Yes. Firefox Monitor works on all browsers. You can create a Firefox account on any browser, and we'll monitor your email for data breaches.
How comprehensive is Firefox Monitor's breach database?
Some breaches may not appear in our database because they haven't been discovered yet. Others might not appear because Have I Been Pwned, our breach source, hasn't been granted access to the details about a particular breach. If a company where you have an account notifies you of a security incident, read the details closely and follow their recommended actions to protect your account.
Do I need to create a Firefox account to get Firefox Monitor alerts?
Yes. However, you may search your email address in publicly available data breaches without creating an account. To sign up for alerts about future breaches and to get your detailed report, you'll need to create a Firefox account on monitor.firefox.com.
How much does Firefox Monitor cost?
Firefox Monitor is a free service provided by Mozilla as part of its security products portfolio, along with the subscription products Firefox Relay and Mozilla VPN.
Will Firefox Monitor protect me from data breaches?
No one — not even Firefox — can prevent data breaches from happening. We can alert you about breaches that affect you. We can help you understand what you need to do to mitigate the risks. We can recommend tools to use that make it easier to protect your information online, but you need to take action to protect your accounts. If a breach involves financial information, you'll need to monitor your financial accounts and credit reports for anything suspicious.
- Resolve breaches with Firefox Monitor
- Get started with Firefox Monitor
- What to do after a data breach
- How do I opt out of Firefox Monitor?
- See also Firefox Password Manager - Alerts for breached websites about alerts in Firefox for saved logins and passwords exposed in known data breaches.