This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox Monitor

more options

Firefox Monitor identifies a security breach of IP addresses, phone numbers on Verifications.io, but I haven't got an .io domain. What does this mean?

Firefox Monitor identifies a security breach of IP addresses, phone numbers on Verifications.io, but I haven't got an .io domain. What does this mean?

All Replies (3)

more options

johnhands said

Firefox Monitor identifies a security breach of IP addresses, phone numbers on Verifications.io, but I haven't got an .io domain. What does this mean?

Hello johnhands,

Would you please read this article; especially the section :

I don’t recognize this company or website. Why am I receiving notifications about this breach?

Does that shed a light on it ?

more options

I received a notification from Firefox Monitor that one of my e mail addresses had been breached on the Verifications.io website and that this information had been provided by "have I been pawned". I could not find any reference to verifications.io in my password manager and then visited "have I been pawned" to check for any breach; it reported no breach. So why did Firefox report a breach for a website for which I have no record and claimed that this breach had been reported by "have I been pawned" when this website does not show any breach?

Also how can I find out what my relationship is with Verifications.io

more options

martin-wilkins-it said

I received a notification from Firefox Monitor that one of my e mail addresses had been breached on the Verifications.io website and that this information had been provided by "have I been pawned". I could not find any reference to verifications.io in my password manager and then visited "have I been pawned" to check for any breach; it reported no breach.

Unless Monitor now has a second source of breach data, what you find in Monitor should be supported by a search for the same email address on: https://haveibeenpwned.com/ (no a in pwned)

Data breaches come in all shapes and sizes. If your data was reported in a breach of a company with whom you didn't have an account, some possible scenarios are:

  • your email address was on a list used for purposes such as spamming, online advertising, or credit checks -- unlikely any passwords were stored, but an advertising/credit profile might have been leaked
  • your email address was harvested from the address book of someone with an account -- unlikely any passwords were stored, but your name, address, and phone number might have been leaked
  • your data had been acquired from a data breach of a company where you had an account -- account data might have been leaked, but it might be impossible to determine which one, so if you have addressed the name brand breaches already, you might conclude it is not worth changing passwords again

My main email was in the verifications.io database, and I get the following info on https://haveibeenpwned.com/ :

Verifications.io: In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.

Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, Physical addresses

Note that the specific data elements leaked along with any individual email addresses aren't provided by Monitor or this service; nor would you want them to be, since your email address can be searched anonymously.