Firefox Monitor - Frequently asked questions

Firefox Monitor lets you find out if your private information has been leaked or stolen. For more information, see Firefox Monitor.

What is a data breach? What causes it and what are the consequences?

A "breach" is an incident where private information is accessed, disclosed, or stolen without permission. While a breach can be the result of an intentional, malicious action such as hacking or malware, breaches are more commonly the result of unintentional or inadvertent human failure (For example, someone accidentally posts their administrative credential to a system holding personal data on a publicly available website. Then, the credentials are found and used to gain access to the system and its data.) Firefox Monitor enables people to see where their personal data has been exposed.

I received the verification email from Firefox Monitor but I can’t log in to verify my email address.

You only need to click Verify Your Subscription and Firefox Monitor will record that you’ve verified your email address. There is no need to log in.

What should I do if my data has been breached?

The steps you’ll want to take will probably be different depending on the type of data that’s been compromised. For instance, a physical address by itself is not very sensitive - it’s already generally available through search engines, public records and might still even in be in a printed phone book. But, if that is combined with your name and date of birth it’s more valuable because this combination of information is often used for identification purposes.

Some basic steps you can take right away are:

  • Change any and all affected passwords. If you’ve used that same password on other sites, changes those too. If you can enable two (or multi) factor authentication for accounts, do it.
  • Delete any accounts you had in the past and no longer regularly use. This will help minimize the number of accounts that are potentially hijacked or exposed to future breach riks.
  • Notify any relevant financial institutions if your financial information is at risk, such as banking or securities accounts, debit card, credit card or charge cards.
  • Consider contacting the major consumer credit-reporting bureaus and placing a fraud alert on your name if you think the information breached is enough for someone to assume your financial identity.

If a breach happened years ago, should I still worry?

That depends. The answer is yes if I you haven’t changed your password for that site since the breach happened or if you’ve reused that password on other sites. Once a password/email combination has been leaked, hackers often attempt to reuse that login on other websites. That is why it is so important that you don’t reuse passwords. A password manager like 1Password, LastPass, or Dashlane can generate strong passwords for you, and can help you manage unique passwords for your online accounts.

Where does Firefox Monitor get this information and how do I remove my email from that source?

Firefox Monitor gets data breach information from a publicly-searchable source, Have I been Pwned. If you don’t want your email address to show up in this database, visit their opt-out page.

Why is my data with an organization or company \ I never signed up with?

Your data might have shared with a company or organization that provides services to something you did sign up with. It may also have been shared through friends, imported contact lists, or possibly sold.

I just got an email purported to be from Mozilla saying I've been hacked. Is it genuine?

If the sender is mozilla@e.mozilla.org, the email is genuinely from Mozilla.

// These fine people helped write this article:Joni. You can help too - find out how.

Was this article helpful? Please wait...

Volunteer for Mozilla Support