This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How does Firefox know when I am visiting a site that has had a breach?

  • 2 cavab
  • 1 has this problem
  • 14 views
  • Last reply by cor-el

more options

I am not using Firefox Monitor, and I am running Firefox 66. I just visited a website, and was told via a popup message in the address bar there had been a breach back in 2010, exposing thousands of passwords. (And of course it suggested I sign up for Firefox Monitor to get details.)

I am wondering how Firefox knew that it should show me that message? Does it regularly download a list of breached sites, or is every site I visit being sent to Mozilla so they can check to see whether it's on a breach list?

I'm hoping it's not the latter as I never agreed to share my browsing history with Mozilla, or anyone else, but I can't find any information about how the browser maintains its list of breached sites.

I am not using Firefox Monitor, and I am running Firefox 66. I just visited a website, and was told via a popup message in the address bar there had been a breach back in 2010, exposing thousands of passwords. (And of course it suggested I sign up for Firefox Monitor to get details.) I am wondering how Firefox knew that it should show me that message? Does it regularly download a list of breached sites, or is every site I visit being sent to Mozilla so they can check to see whether it's on a breach list? I'm hoping it's not the latter as I never agreed to share my browsing history with Mozilla, or anyone else, but I can't find any information about how the browser maintains its list of breached sites.

Modified by malvineous1

All Replies (2)

more options

Hi there,

Not from mozilla but working in data security,

This will work by instead of sending the website address to Mozilla, the Firefox Browser will keep a list of breached websites locally, and therefore instead of it being "Mozilla is checking my websites." It becomes... "I am checking my own websites, against Mozilla's list.".

Again not certain this is the way it works, but 1) Mozilla seem to genueinly care about user privacy 2) Locally checking would also be faster and more effecient.

Monitor solves the problem of a breach that hasn't been added to your local list yet not notifying you, and also notifys you about breaches with your specefic user details in. @Mozilla, can confirm?

more options

Note that there is a setting in "Options/Preferences -> Privacy & Security" to enable Firefox Monitor alerts.