A data breach happens when personal or private information gets exposed, stolen or copied without permission. These security incidents can be a result of cyber attacks to websites, apps or any database where people's personal information resides. A data breach can also happen by accident like if someone's login credentials accidentally get posted publicly.
Why am I in this breach?
Hackers often target massive companies with millions of users in order to get as much personal information and credentials as they can. These hackers look for a security weakness — the digital equivalent of leaving a door unlocked or window open. Once they find that one door or window, they steal or copy as much personal information as possible. We don't always know what they intend to do with the data, but they will try to find a way to profit from it. While the effects are not usually immediate, the longterm effects can be serious.
What information gets exposed in data breaches?
Not all breaches expose all the same info. It just depends on what hackers can access.
Many data breaches expose email addresses and passwords. Others expose more sensitive information such as credit card numbers, passport numbers and social security numbers.
Do I need to be worried if my information gets exposed during a data breach?
You should take steps to protect your personal information and accounts. If your password and email address gets exposed, hackers can sell that information on the dark web to the highest bidder. Whoever buys that information can try to use it to gain access to your other online accounts. These cyber criminals may try to steal your identity, make purchases or take out loans in your name.
Do I need to do anything if a breach happened years ago or in an old account?
You should still take steps to protect yourself. Sometimes it takes years for credentials exposed in a data breach to surface on the dark web. If you haven't changed your password on the affected account yet, do that right away. If you use that password elsewhere, you should change those too. Otherwise hackers can use your login details on other websites.
I just found out I'm in a data breach. What do I do next?
Does my anti-virus software protect me from data breaches?
Anti-virus software can't prevent data breaches from happening. It scans your computer for viruses and other malicious software, but can't prevent anyone from gaining unauthorized access to your online accounts. Cyber criminals hack the websites themselves, not your computer.
Anti-virus software cannot:
Prevent someone from hacking into a website and stealing your login credentials.
Prevent someone who has your password from logging in to one of your accounts.
Always detect scam or phishing emails that prompt you to enter your email address and password.
Questions about Firefox Monitor
Why did it take so long to notify me of this breach?
It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. We send notifications as soon as a breach is discovered, verified and added to our database.
I don't recognize this company or website. Why am I receiving notifications about this breach?
There are a number of reasons why you might not recognize the company or breach name:
The site may have changed names or been sold to a new company.
It could be an old account you forgot about.
Someone may have created an account for you.
The breach may be a combolist. A combolist is a collection of different data breaches. Hackers combined the passwords and email addresses from many data breaches into one single list.
A data aggregator was breached. These companies collect your information from other sources. Data aggregators compile publicly available data and buy customer data from other companies. You may have an account with a company that sold your information to a data aggregator.
How do I know these emails are really from Firefox and not from a hacker?
Check the email address in the sender's field. Firefox Monitor emails will always come from email@example.com. Firefox will never ask you to enter your login credentials or password in an email. Most online services won't ask you to enter your login info directly from an email. If they do, you should instead go directly to their website to log in.
How does Firefox Monitor treat sensitive sites?
For privacy reasons, email addresses involved in sensitive site breaches are not publicly searchable. You must be logged in or subscribed to Firefox Monitor alerts. To find out if your info appears in a sensitive breach, you'll need to create an account through Firefox Monitor and verify your email.
How does Firefox Monitor know I was involved in these breaches?
Firefox Monitor gets its data breach information from a publicly searchable source, Have I Been Pwned. If you don't want your email address to show up in this database, visit the opt-out page.
Does Firefox Monitor know my passwords?
Firefox Monitor does not know your passwords. It keeps your data anonymous when it transfers breach data to you. Read more about our k-Anonymity technique.
How far back do data breaches in the Firefox Monitor database go?
Firefox Monitor searches for your email in publicly-available data breaches back to 2007.
Can I use Firefox Monitor on other browsers like Chrome or Safari?
Yes. Firefox Monitor works on all browsers. You can create a Firefox account on any browser, and we'll monitor your email for data breaches.
How comprehensive is Firefox Monitor's breach database?
Some breaches may not appear in our database because they haven't been discovered yet. Others might not appear because Have I Been Pwned, our breach source, hasn't been granted access to the details about a particular breach. If a company where you have an account notifies you of a security incident, read the details closely and follow their recommended actions to protect your account.
Do I need to create a Firefox account to get Firefox Monitor alerts?
Yes. However, you may search your email address in publicly available data breaches without creating an account. To sign up for alerts about future breaches and to get your detailed report, you'll need to create a Firefox account on monitor.firefox.com.
I'm already signed up for Firefox Monitor alerts. Do I need to sign up again?
If you subscribed to Firefox Monitor alerts before March 12, 2019, you do not need to create a Firefox account at this time.
How do I unsubscribe from Firefox Monitor alerts?
There'll be a link in the alert email to unsubscribe from alerts. If you no longer have access to that email, please do one of the following:
If you've signed up using Firefox Accounts, visit https://monitor.firefox.com/ and click on your profile icon (or sign in first), then click preferences. Remove the checkmark next to Send breach alerts to the affected email address to stop email notifications, or scroll down to Remove Firefox Monitor to opt out entirely.
Firefox Monitor is a free service provided by Mozilla, which is the same company that created the Firefox browser.
Will Firefox Monitor protect me from data breaches?
No one — not even Firefox — can prevent data breaches from happening. We can alert you about breaches that affect you. We can help you understand what you need to do to mitigate the risks. We can recommend tools to use that make it easier to protect your information online, but you need to take action to protect your accounts. If a breach involved financial information, you'll also need to monitor your own financial accounts and credit reports for anything suspicious.