This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Received email from mozilla could it be a phishing email?

more options

Hi there I receive an email which claims to be from Firefox Monitor. Address is Firefox Monitor <breach-alerts@mozilla.com>

Picture is attached

I'm not sure this is legitimate as I have tried to log on to Mozilla Support but it does not recognise my email address.

Could you investigate and feedback?

If it is legitimate can kindly provide details of course of action to be taken.

thank you

Hi there I receive an email which claims to be from Firefox Monitor. Address is '''Firefox Monitor <breach-alerts@mozilla.com>''' Picture is attached I'm not sure this is legitimate as I have tried to log on to Mozilla Support but it does not recognise my email address. Could you investigate and feedback? If it is legitimate can kindly provide details of course of action to be taken. thank you
Attached screenshots

All Replies (1)

more options

Hi, if you signed up for Firefox Monitor, you can go directly to the site and see what is going on for your email address, you don't have to use the links in the message:

https://monitor.firefox.com/

Even if you didn't sign up, you still might be able to run a search there. Otherwise, you can run a search on the website which provides data to Mozilla for this service:

https://haveibeenpwned.com/

Regarding "what to do" if there has been a breach, it depends on what data elements were obtained. This article has suggestions: Mozilla Monitor - Frequently asked questions.


This is the information from the second link above about this breach:

During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums. Whilst the email addresses were found to correlate with CoinMarketCap accounts, it's unclear precisely how they were obtained. CoinMarketCap has provided the following statement on the data: "CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base. We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information."

You might wonder, What harm could it do to know just the email address of a customer of a website? If the email address is also the username for login, an attacker might conduct either a brute force attack, trying millions of password combinations, or might try passwords matching that email address stolen from a different website on the assumption that many people re-use passwords across different sites. If you have a strong and unique password for this site, then it doesn't sound like you need to change your password. But you could if you feel safer. If you don't have a login for that site, it's not clear why your email address would be in the data dump; probably CoinMarketCap will release more information in the future about this compromise.