[https://monitor.firefox.com/ Firefox Monitor] lets you find out if your private information has been compromised in an online data breach. For more information, see [[Firefox Monitor]]. __TOC__ =General questions about data breaches= ==What exactly is a data breach?== A data breach happens when personal or private information gets exposed, stolen or copied without permission. These security incidents can be a result of cyber attacks to websites, apps or any database where people’s personal information resides. A data breach can also happen by accident like if someone’s login credentials accidentally get posted publicly. ==What information gets exposed in data breaches?== Not all breaches expose all the same info. It just depends on what hackers can access. Many data breaches expose email addresses and passwords. Others expose more sensitive information such as credit card numbers, passport numbers, and social security numbers. ==Do I need to be worried if my information gets exposed during a data breach?== You should take steps to protect your personal information and accounts. If your password and email address gets exposed, hackers can sell that information on the dark web to the highest bidder. Whoever buys that information can try to use it to gain access to your other online accounts. These cyber criminals may try to steal your identity, make purchases, or take out loans in your name. ==Do I need to do anything if a breach happened years ago or in an old account?== You should still take steps to protect yourself. Sometimes it takes years for credentials exposed in a data breach to surface on the dark web. If you haven’t changed your password on the affected account yet, do that right away. If you use that password elsewhere, you should change those too. Otherwise hackers can use your login details on other websites. ==I just found out my information was hacked during a data breach. What do I do next?== There are several steps you should take: *Read the details about the breach. *Change your password for the compromised account. *Change the password to any other accounts that use the same password. *Contact your bank if financial data like your credit card number, bank account number, or PIN number were exposed in the breach. *Monitor your statements for suspicious activity. *Contact the major consumer credit reporting bureaus (Equifax, Experian, and TransUnion) to take steps to protect yourself from identity theft. Security experts recommend placing a freeze on your credit reports at all three bureaus so no one can apply for credit cards or loans in your name. *Take extra steps to improve your online security like setting up two-factor authentication (2FA). This adds another step to log in in which you receive a code to your phone that has to be manually entered prior to logging in. These websites offer [https://twofactorauth.org/ two-factor authentication]. *Set up a password manager, such as 1Password, LastPass, Dashlane, or Bitwarden. Hackers know many people reuse passwords. Password managers can create strong passwords, store them securely, and auto-fill them in to websites. Because password managers encrypt your data, it’s difficult for hackers to get access. ==Does my anti-virus software protect me from data breaches?== Anti-virus software can’t prevent data breaches from happening. It scans your computer for viruses and other malicious software, but can’t prevent anyone from gaining unauthorized access to your online accounts. Cyber criminals hack the websites themselves, not your computer. Anti-virus software '''cannot''': *Prevent someone from hacking into a website and stealing your login credentials. *Prevent someone who has your password from logging in to one of your accounts. *Always detect scam or phishing emails that prompt you to enter your email address and password. =Questions about Firefox Monitor= ==Why did it take so long to notify me of this breach?== It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. We send notifications as soon as a breach is discovered, verified, and added to our database. ==I don’t recognize this company or website. Why am I receiving notifications about this breach?== There are a number of reasons why you might not recognize the company or breach name: *The site may have changed names or been sold to a new company. *It could be an old account you forgot about. *Someone may have created an account for you. *The breach may be a combolist. A combolist is a collection of different data breaches. Hackers combined the passwords and email addresses from many data breaches into one single list. *A data aggregator was breached. These companies collect your information from other sources. Data aggregators compile publicly available data and buy customer data from other companies. You may have an account with a company that sold your information to a data aggregator. ==How do I know these emails are really from Firefox and not from a hacker?== Check the email address in the sender's field. Firefox Monitor emails will always come from ''breach-alerts@mozilla.com''. ==How does Firefox Monitor know my information was hacked during a particular breach?== Firefox Monitor gets its data breach information from a publicly searchable source, [https://haveibeenpwned.com/ Have I Been Pwned]. If you don’t want your email address to show up in this database, visit the [https://haveibeenpwned.com/OptOut opt-out page]. ==How far back do data breaches in the Firefox Monitor database go?== Firefox Monitor searches for your email in publicly-available data breaches back to 2007. ==Can I use Firefox Monitor on other browsers like Chrome or Safari?== Yes. Firefox Monitor works on all browsers. You can create a Firefox account on any browser, and we’ll monitor your email for data breaches. ==How comprehensive is Firefox Monitor’s breach database?== Some breaches may not appear in our database because they haven’t been discovered yet. Others might not appear because [https://haveibeenpwned.com/ Have I Been Pwned], our breach source, hasn’t been granted access to the details about a particular breach. If a company where you have an account notifies you of a security incident, read the details closely and follow their recommended actions to protect your account. ==Do I need to create a Firefox account to get Firefox Monitor alerts?== Yes. However, you may search your email address in publicly available data breaches without creating an account. To sign up for alerts about future breaches and to get your detailed report, you’ll need to create a Firefox account on monitor.firefox.com. ==I’m already signed up for Firefox Monitor alerts. Do I need to sign up again?== If you subscribed to Firefox Monitor alerts before March 12, 2019, you do not need to create a Firefox account at this time. ==How much does Firefox Monitor cost?== Firefox Monitor is a free service provided by Mozilla, which is the same company that created the Firefox browser. ==Will Firefox Monitor protect me from data breaches?== No one — not even Firefox — can prevent data breaches from happening. We can alert you about breaches that affect you. We can help you understand what you need to do to mitigate the risks. We can recommend tools to use that make it easier to protect your information online, but you need to take action to protect your accounts. If a breach involved financial information, you’ll also need to monitor your own financial accounts and credit reports for anything suspicious.

Firefox Monitor lets you find out if your private information has been compromised in an online data breach. For more information, see Get started with Mozilla Monitor.

General questions about data breaches

What exactly is a data breach?

A data breach happens when personal or private information gets exposed, stolen or copied without permission. These security incidents can be a result of cyber attacks to websites, apps or any database where people’s personal information resides. A data breach can also happen by accident like if someone’s login credentials accidentally get posted publicly.

What information gets exposed in data breaches?

Not all breaches expose all the same info. It just depends on what hackers can access.

Many data breaches expose email addresses and passwords. Others expose more sensitive information such as credit card numbers, passport numbers, and social security numbers.

Do I need to be worried if my information gets exposed during a data breach?

You should take steps to protect your personal information and accounts. If your password and email address gets exposed, hackers can sell that information on the dark web to the highest bidder. Whoever buys that information can try to use it to gain access to your other online accounts. These cyber criminals may try to steal your identity, make purchases, or take out loans in your name.

Do I need to do anything if a breach happened years ago or in an old account?

You should still take steps to protect yourself. Sometimes it takes years for credentials exposed in a data breach to surface on the dark web. If you haven’t changed your password on the affected account yet, do that right away. If you use that password elsewhere, you should change those too. Otherwise hackers can use your login details on other websites.

I just found out my information was hacked during a data breach. What do I do next?

There are several steps you should take:

• Read the details about the breach.
• Change your password for the compromised account.
• Change the password to any other accounts that use the same password.
• Contact your bank if financial data like your credit card number, bank account number, or PIN number were exposed in the breach.
• Monitor your statements for suspicious activity.
• Contact the major consumer credit reporting bureaus (Equifax, Experian, and TransUnion) to take steps to protect yourself from identity theft. Security experts recommend placing a freeze on your credit reports at all three bureaus so no one can apply for credit cards or loans in your name.
• Take extra steps to improve your online security like setting up two-factor authentication (2FA). This adds another step to log in in which you receive a code to your phone that has to be manually entered prior to logging in. These websites offer two-factor authentication.
• Set up a password manager, such as 1Password, LastPass, Dashlane, or Bitwarden. Hackers know many people reuse passwords. Password managers can create strong passwords, store them securely, and auto-fill them in to websites. Because password managers encrypt your data, it’s difficult for hackers to get access.

Does my anti-virus software protect me from data breaches?

Anti-virus software can’t prevent data breaches from happening. It scans your computer for viruses and other malicious software, but can’t prevent anyone from gaining unauthorized access to your online accounts. Cyber criminals hack the websites themselves, not your computer.

Anti-virus software cannot:

• Prevent someone from hacking into a website and stealing your login credentials.
• Prevent someone who has your password from logging in to one of your accounts.
• Always detect scam or phishing emails that prompt you to enter your email address and password.

Questions about Firefox Monitor

Why did it take so long to notify me of this breach?

It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. We send notifications as soon as a breach is discovered, verified, and added to our database.

I don’t recognize this company or website. Why am I receiving notifications about this breach?

There are a number of reasons why you might not recognize the company or breach name:

• The site may have changed names or been sold to a new company.
• It could be an old account you forgot about.
• Someone may have created an account for you.
• The breach may be a combolist. A combolist is a collection of different data breaches. Hackers combined the passwords and email addresses from many data breaches into one single list.
• A data aggregator was breached. These companies collect your information from other sources. Data aggregators compile publicly available data and buy customer data from other companies. You may have an account with a company that sold your information to a data aggregator.

How do I know these emails are really from Firefox and not from a hacker?

Check the email address in the sender's field. Firefox Monitor emails will always come from breach-alerts@mozilla.com.

How does Firefox Monitor know my information was hacked during a particular breach?

Firefox Monitor gets its data breach information from a publicly searchable source, Have I Been Pwned. If you don’t want your email address to show up in this database, visit the opt-out page.

How far back do data breaches in the Firefox Monitor database go?

Firefox Monitor searches for your email in publicly-available data breaches back to 2007.

Can I use Firefox Monitor on other browsers like Chrome or Safari?

Yes. Firefox Monitor works on all browsers. You can create a Firefox account on any browser, and we’ll monitor your email for data breaches.

How comprehensive is Firefox Monitor’s breach database?

Some breaches may not appear in our database because they haven’t been discovered yet. Others might not appear because Have I Been Pwned, our breach source, hasn’t been granted access to the details about a particular breach. If a company where you have an account notifies you of a security incident, read the details closely and follow their recommended actions to protect your account.

Do I need to create a Firefox account to get Firefox Monitor alerts?

Yes. However, you may search your email address in publicly available data breaches without creating an account. To sign up for alerts about future breaches and to get your detailed report, you’ll need to create a Firefox account on monitor.firefox.com.

I’m already signed up for Firefox Monitor alerts. Do I need to sign up again?

If you subscribed to Firefox Monitor alerts before March 12, 2019, you do not need to create a Firefox account at this time.

How much does Firefox Monitor cost?

Firefox Monitor is a free service provided by Mozilla, which is the same company that created the Firefox browser.

Will Firefox Monitor protect me from data breaches?

No one — not even Firefox — can prevent data breaches from happening. We can alert you about breaches that affect you. We can help you understand what you need to do to mitigate the risks. We can recommend tools to use that make it easier to protect your information online, but you need to take action to protect your accounts. If a breach involved financial information, you’ll also need to monitor your own financial accounts and credit reports for anything suspicious.