Data breach warning
I received a warning mail from Firefox Monitor about a data breach where my e-mail adress and password could have been stolen. However the site which was involved (nitro, gonitro.com) is unknown by me and I don't have an account there. Therefore I cannot change my password for that site. I have visited that site and as far as I can see it is not even possible to login. Is there anything I can or should do to stay safe?
All Replies (4)
Yo9u have posted this in the Thunderbird support forum. Did you intend that or were you aiming for the Firefox one or something else.
Thanks for the quick reply. I did not realy know where to put is. It is about Firefox Monitor, but it involves my e-mail adress. This is why I posted it on the Thunderbird part as there was no section about Firefox Monitor. When you think it will be better to post it in the Firefox section, I will do so and mark this thread as solved.
re :I received a warning mail from Firefox Monitor about a data breach where my e-mail adress and password could have been stolen.
Are you absolutely sure this email really was from Firefox Monitor ? Could it have been a fake/spoof email trying to get you to logon by clicking on a link within the email? If you hover over links you can see the real link info in the bottom status bar.
Do you allow remote content to auto display? If yes, then advise you do not allow remote content.
Hi Albert-Knop, assuming it was real:
Firefox Monitor provides data about breaches on all kinds of sites: sites where you had an account, sites of data brokers that sells people's contact information, sites whose owners bought lists from data brokers, and so on.
If the breach was not a site where you directly had an account, they probably didn't leak your password or security questions/answers associated with your email address -- how would they have gotten them?
I went to the site of Mozilla's data partner, https://haveibeenpwned.com/, to learn more:
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents.
The linked article from Bleeping Computer reports that the company believes the email addresses were from users of its free online PDF conversion service. Since that service didn't require creating an account, the company disputes that there were account passwords in the data (even if their own database had something in the password column). Weird.
Probably if you used a free online PDF conversion service, and even if you created an account there, you wouldn't have re-used any value passwords from important accounts. If you re-use passwords, then it would be a good idea to change passwords on any accounts that could have had the same password (since the easiest attack is just to submit the disclosed username and password everywhere on the web).