- Aug 2, 2015
- 4,286
When a company suffers a data breach, there are currently a limited number of ways users get to hear about it.
Usually a company will tell its customers via email. At this point, the media often makes a fuss too, which is how bad news is spread to the wider world.
A less obvious but increasingly influential route is through Troy Hunt’s Have I Been Pwned? (HIBP), a breach reporting site we’ve covered a bit recently.
HIBP is influencing breach reporting in two ways. First, because it often hears about breaches before companies do, said companies then hear about problems earlier (although that can still be years on from an incident).
Second, users hear about breaches earlier, both from companies told about them by HIBP but also, if they are registered users, direct via email or by manually checking on the site itself.
For instance, HIBP was behind the discovery of the Disqus breach in October as well as this week’s Imgur incident, to pick only two examples.
Now, Mozilla has had a radical idea – why not display HIBP’s alerts about breached sites inside the Firefox browser itself?
Browsers already warn users about phishing sites, malware downloads and insecure digital certificates, so extending this to data breaches sounds logical.
In a GitHub posting, Mozilla engineer Nihanth Subramanya has posted the code for an experimental add-on that developers can use to test this.
Read more: Involved in a data breach? Firefox to test alerts in the browser
Usually a company will tell its customers via email. At this point, the media often makes a fuss too, which is how bad news is spread to the wider world.
A less obvious but increasingly influential route is through Troy Hunt’s Have I Been Pwned? (HIBP), a breach reporting site we’ve covered a bit recently.
HIBP is influencing breach reporting in two ways. First, because it often hears about breaches before companies do, said companies then hear about problems earlier (although that can still be years on from an incident).
Second, users hear about breaches earlier, both from companies told about them by HIBP but also, if they are registered users, direct via email or by manually checking on the site itself.
For instance, HIBP was behind the discovery of the Disqus breach in October as well as this week’s Imgur incident, to pick only two examples.
Now, Mozilla has had a radical idea – why not display HIBP’s alerts about breached sites inside the Firefox browser itself?
Browsers already warn users about phishing sites, malware downloads and insecure digital certificates, so extending this to data breaches sounds logical.
In a GitHub posting, Mozilla engineer Nihanth Subramanya has posted the code for an experimental add-on that developers can use to test this.
Read more: Involved in a data breach? Firefox to test alerts in the browser
Last edited by a moderator:
