Mozilla's Firefox Monitor tells you if your accounts have been compromised

Updated September 25, 2018: Firefox Monitor is now available to everyone (opens in new tab) after its initial round of testing. To get started, you can head to The original story follows.

If all of the data breaches hitting the news over the past several years have you worried, Mozilla is working on a tool that will help you keep an eye on your accounts. Called Firefox Monitor (opens in new tab), the website will allow you to check your email addresses against a database of known breaches to see if any of your personal data has been exposed.

To get the ball rolling, Mozilla has partnered with (HIBP), which operates a database of email addresses that have been found to have been compromised in data breaches. Firefox Monitor will work by checking the email address you enter against the HIBP database in a secure way. According to Mozilla, it has worked with HIBP and Cloudflare to ensure any data shared with Firefox Monitor is anonymized and your full email address is never shared with any companies other than Mozilla.

From Mozilla:

Visitors to the Firefox Monitor website will be able to check (by entering an email address) to see if their accounts were included in known data breaches, with details on sites and other sources of breaches and the types of personal data exposed in each breach. The site will offer recommendations on what to do in the case of a data breach, and how to help secure all accounts. We are also considering a service to notify people when new breaches include their personal data.

Mozilla says that Firefox Monitor is designed to be used by everyone, but it will offer "additional features" for Firefox users, though it's unclear what those added features will be at the moment.

The tool isn't yet ready for primetime, but Mozilla is gearing up to begin a test next week with around 250,000 people. Should testing go well, Firefox Monitor will be enabled for all Firefox users at a later date.

See Firefox at Mozilla (opens in new tab)

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

  • Website appears to be down
  • I have no problem.
  • So, what's the difference between using this and just going to HIBP?
  • Presumably this will check in the background and alert you if your email address has been compromised. You'd have to make HIBP a regular stop in order to get the same protection manually.
  • You can set up HIBP to notify you if you're found in a new breach, as well. My take on this is that some people will be more comfortable using the service from a well known name Mozilla / Firefox, rather than a slightly more obscure HIBP / Troy Hunt. (More obscure outside the infosec world, anyway, where he's a trusted, upright name.)
  • Having said that, I belong to BreachAlarm, who also checks regularly on their own, without me having to install anything on my end. If my email address comes up as possibly being breached, they'll email me.
  • All this does is use Have I Been Pwned for their info/reports.
  • Yeah, pretty generic.
  • Yup, but it's got a better known name in front of it, for people unfamiliar with HIBP. (Every time HIBP hits the news, there are inevitably comments that the free service must exist to harvest email address. They don't know it's built to be run very cheaply from one trustworthy guy's pocket.)