OT: Info from newsletter about: How to check if your e-mails have been part of a known data breach.

[PMario]

Hi folks,

Just got a mozilla dev-newsletter. It contained some info, which may be interesting for everyone.

have fun!

mario

Firefox Monitor lets you know when your data is compromised

Step 1 – Visit monitor.firefox.com to see if your email address has been part of a data breach
Through our partnership with Troy Hunt’s “Have I Been Pwned,” your email address will be scanned against a database that serves as a library of data breaches. We’ll let you know if your email address and/or personal info was involved in a publicly known past data breach. Once you know where your email address was compromised you should change your password and any other place where you’ve used that password.

Step 2 – Learn about future data breaches

Sign up for Firefox Monitor using your email address and we will notify you about data breaches when we learn about them. Your email address will be scanned against those data breaches, and we’ll let you know through a private email if you were involved.

[Mark S.]

How do we know that ff monitor won't sell, or allow to be stolen, our submitted addresses?

Why is it firefox.com, and not mozilla.org, the home of firefox?

-- Mark

[HC Haase]

@mark

you don't. I would suggest to go to the source, have I been powned: https://haveibeenpwned.com

I have used that site the past, It looks vert legit and open about what it do. There is also a keepass (password mananger) plugin that use the site and they (recently ) added a add for 1password on the site. If any shady stuff was going on, I am sure these community/company would have reacted. But as Troy statet in the FAQ

How do I know the site isn't just harvesting searched email addresses?

You don't, but it's not. The site is simply intended to be a free service for people to assess risk in relation to their account being caught up in a breach. As with any website, if you're concerned about the intent or security, don't use it.

The ff page do exactly the same as  https://haveibeenpwned.com, but is less transparent. I dont see any reason to use the FF site instead of https://haveibeenpwned.com

[PMario]

On Thursday, September 27, 2018 at 5:44:11 PM UTC+2, Mark S. wrote:

How do we know that ff monitor won't sell, or allow to be stolen, our submitted addresses?

You don't need to use it if you don't trust them. Just make sure, that you change ALL your different passwords from all your accounts, from time to time. 

 

Why is it firefox.com, and not mozilla.org, the home of firefox?

I don't know. You'll need to ask them.

have fun!

mario