Maksim Kabakou - Fotolia
Mozilla recently began testing an integration between Firefox Monitor and Have I Been Pwned to expand the Firefox Monitor breach notification tool to let users know about past data breaches. How does this tool work and how effective can it be for users?
Data breaches have become a significant problem, and one that requires immediate attention to ensure assets and individual data are protected. Enter breach notification.
When Social Security numbers or credit card numbers are stolen, the people affected must be notified. The Federal Trade Commission has a list of steps people should take if their data has been compromised.
The options aren't as clear when data other than Social Security and credit card numbers are stolen, however.
Consider a breach where an account -- and the email account associated with it -- is compromised. It's also possible the password was jeopardized. The type of breach notification users receive will depend on the website. It may send an email, post a notice on the homepage or add a breach notification when users access the site to alert them to the incident and explain what they need to do next to protect their accounts. The steps vary for each website and could require more than a password change.
Yet, it's easy for users to miss breach notifications and, as a result, those affected won't know what to do to protect themselves. But help is on the way.
For example, last fall, Mozilla introduced an integration between Firefox Monitor and Have I Been Pwned (HIBP) to notify users about security incidents on websites they visit. HIBP is a database compiled from known compromised websites that includes the email addresses exposed and other details about the incident. The Firefox Monitor breach notification lets users know if the website they're visiting has been recorded in the HIPB database.
While some issues still remain as this integration is implemented, its potential benefit could outweigh concerns involving market confusion or alert fatigue. For this tool to be successful, however, it will be important for its backers to explain how the data detailing breaches is validated and managed.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)