Maksim Kabakou - Fotolia
Mozilla recently began testing an integration between Firefox Monitor and Have I Been Pwned to expand the Firefox Monitor breach notification tool to let users know about past data breaches. How does this tool work and how effective can it be for users?
Data breaches have become a significant problem, and one that requires immediate attention to ensure assets and individual data are protected. Enter breach notification.
When Social Security numbers or credit card numbers are stolen, the people affected must be notified. The Federal Trade Commission has a list of steps people should take if their data has been compromised.
The options aren't as clear when data other than Social Security and credit card numbers are stolen, however.
Consider a breach where an account -- and the email account associated with it -- is compromised. It's also possible the password was jeopardized. The type of breach notification users receive will depend on the website. It may send an email, post a notice on the homepage or add a breach notification when users access the site to alert them to the incident and explain what they need to do next to protect their accounts. The steps vary for each website and could require more than a password change.
Yet, it's easy for users to miss breach notifications and, as a result, those affected won't know what to do to protect themselves. But help is on the way.
For example, last fall, Mozilla introduced an integration between Firefox Monitor and Have I Been Pwned (HIBP) to notify users about security incidents on websites they visit. HIBP is a database compiled from known compromised websites that includes the email addresses exposed and other details about the incident. The Firefox Monitor breach notification lets users know if the website they're visiting has been recorded in the HIPB database.
While some issues still remain as this integration is implemented, its potential benefit could outweigh concerns involving market confusion or alert fatigue. For this tool to be successful, however, it will be important for its backers to explain how the data detailing breaches is validated and managed.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Data security breaches
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading