Mozilla Foundation engineers are working on a notification system for Firefox that will display security warnings to users who visit websites that have suffered data breaches.
The alert system will use the data contained in the Have I Been Pwned, a website that includes all known data breaches and features a search for users who wish to see if their personal information (name, code access).
Jobs for this project have just begun, and the source code for displaying these warnings is not even included in the basic Firefox code but works separately as an add-on.
“The [Breach Notifications Alerts] is an addon that I'm going to use to prototype an upcoming feature in Firefox that notifies users when their credentials have been potentially involved in a data breach," Mozilla engineer Nihanth Subramanya says in the addon's description.
The code of this add-on is available in GitHub and anyone who wants it can do a compile to get it to Firefox. Please note that only Firefox Developer Edition is currently supported.
The add-on is still in early stages of development and alerts are currently enabled when the user visits a site that is included in the Have I Been Pwned public violation list.
This new warning system will surely shake off the companies that have been tampered with. Have I Been Pwned can offer the same service, but it's not the same. It's very different to display this information from a browser that uses millions of users and shows violations that have happened years ago.
"I'm working with Mozilla on this," said Troy Hunt, the researcher behind Have I Been Pwned.
"We're looking at a few different models of how it might work, but the main achievement is that we intend to display warnings about data that has been directly exposed by the browser," says Hunt.
One thing is for sure that the Mozilla Foundation should pay special attention to how it will display the warnings. It should focus less on the security incident and put more emphasis on encouraging users to change their credentials on infringing websites.
See the add-on Breach Alerts