Firefox to issue warnings when a website has been hacked

Posted Nov 24, 2017 by James Walker
Mozilla is developing a new Firefox feature that will show you an alert when a website has been hacked. The browser will tap into a database of historical data breaches to provide warnings about sites that have previously suffered a security compromise.
A man is seen next to a Firefox logo at a Mozilla stand during the Mobile World Congress in Barcelon...
A man is seen next to a Firefox logo at a Mozilla stand during the Mobile World Congress in Barcelona
Albert Gea / Reuters / File
Breach alerts
Code for the upcoming feature is visible inside the Firefox source repository on GitHub. It's currently called "Breach Alerts" and has only recently entered development. After the repository was spotted online, security expert Troy Hunt confirmed on Twitter that Have I Been Pwned will be providing data for Mozilla's Breach Alerts.
Have I Been Pwned is a site run by Hunt which indexes public data breaches to help web users stay secure. You can enter your email address on the website to discover whether your information was included in any of the known data breaches uploaded to the service. Breaches added to Have I Been Pwned will be available to the Firefox web browser, helping to power "awesome things" including Breach Alerts.
The code for the feature can already be compiled and used in the developer edition of Firefox. It displays a basic warning below the address bar when you visit a website present in Have I Been Pwned's database. The message currently notifies you that the site was previously hacked and provides a non-functioning input field to let you search for your details.
Potential problems
The early warning alerts could help web users gain awareness of data breaches. General users who don't follow technology news might not necessarily know of historical incidents that could have affected their accounts. If they're returning to a service after a few years, the messages could be a way to gain information about the incident. They'll also alert new users who are still evaluating a service.
READ NEXT: GE's smart lights can now integrate with Alexa, Google Assistant
For the impacted companies, this could present a problem. Firms which have suffered serious breaches are unlikely to want web browsers to start publicising historical events. In comments to BleepingComputer, Hunt said the team is addressing the concerns and investigating "a few different models" for showing the messages. The current aim is to help individuals find out whether they've been involved in breaches without leaving the current page.
If properly implemented with careful wording, the feature could be a valuable tool for consumers who miss the news coverage of a serious breach. Initial responses from users have been generally supportive of the idea, recognising the potential of the alerts. It could help to increase the exposure of data breaches, eventually pushing companies towards improving their security and lowering the number of overall incidents.