Firefox Monitor
Firefox Monitor identifies a security breach of IP addresses, phone numbers on Verifications.io, but I haven't got an .io domain. What does this mean?
All Replies (3)
johnhands said
Firefox Monitor identifies a security breach of IP addresses, phone numbers on Verifications.io, but I haven't got an .io domain. What does this mean?
Hello johnhands,
Would you please read this article; especially the section :
I don’t recognize this company or website. Why am I receiving notifications about this breach?
Does that shed a light on it ?
I received a notification from Firefox Monitor that one of my e mail addresses had been breached on the Verifications.io website and that this information had been provided by "have I been pawned". I could not find any reference to verifications.io in my password manager and then visited "have I been pawned" to check for any breach; it reported no breach. So why did Firefox report a breach for a website for which I have no record and claimed that this breach had been reported by "have I been pawned" when this website does not show any breach?
Also how can I find out what my relationship is with Verifications.io
martin-wilkins-it said
I received a notification from Firefox Monitor that one of my e mail addresses had been breached on the Verifications.io website and that this information had been provided by "have I been pawned". I could not find any reference to verifications.io in my password manager and then visited "have I been pawned" to check for any breach; it reported no breach.
Unless Monitor now has a second source of breach data, what you find in Monitor should be supported by a search for the same email address on: https://haveibeenpwned.com/ (no a in pwned)
Data breaches come in all shapes and sizes. If your data was reported in a breach of a company with whom you didn't have an account, some possible scenarios are:
- your email address was on a list used for purposes such as spamming, online advertising, or credit checks -- unlikely any passwords were stored, but an advertising/credit profile might have been leaked
- your email address was harvested from the address book of someone with an account -- unlikely any passwords were stored, but your name, address, and phone number might have been leaked
- your data had been acquired from a data breach of a company where you had an account -- account data might have been leaked, but it might be impossible to determine which one, so if you have addressed the name brand breaches already, you might conclude it is not worth changing passwords again
My main email was in the verifications.io database, and I get the following info on https://haveibeenpwned.com/ :
Verifications.io: In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.
Compromised data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, Physical addresses
Note that the specific data elements leaked along with any individual email addresses aren't provided by Monitor or this service; nor would you want them to be, since your email address can be searched anonymously.