Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Can i view exact IP / location from which someone tried to sync my profile ?

  • 9 replies
  • 1 has this problem
  • Last reply by rfkelly

more options

So, i've just received an email that someone "signed in to my account with Firefox 18 on 2016-06-23 15:18 UTC" Can i get info which IP/location was used while doing so ? I've already changed my password, but knowing that emails come with some delay and all you need is just a few seconds to sync all your passwords id say its a pretty bad thing..

All Replies (9)

more options

I've called the big guys to help you. Right now, change All of your passwords Everywhere. Also, confirm your e-mail address at those sites just in case.

more options

That's strange. The Sync system changed in 2014 when Firefox 29 was released, and Firefox 18 shouldn't be able to connect to it.

Perhaps the device did not identify itself honestly and is actually running Firefox 29 or newer.

Or perhaps this message refers to a web login?

Or... could it be a phishing message? Can you detect anything suspicious about the links in the message?

more options

here is entire message source: x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uensWQjutc4PB1BMbh5SZmWvZ70i1lWkYdt0DrxE+ovew//zUDQo9zq0ht8DBiByMVbF19w9CwT6WM4qPW0YJ3qGk2oz4i5SJeb58O8z1SneS8A= Authentication-Results:; spf=pass (sender IP is; identity alignment result is fail and alignment mode is relaxed); dkim=pass (identity alignment result is pass and alignment mode is relaxed); x-hmca=pass X-SID-PRA: X-AUTH-Result: PASS X-SID-Result: PASS X-Message-Status: n:n X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w X-Message-Info: NhFq/7gR1vRwaSZwDIomdtH61ngqAz2tQIJh5cBSqeJPKy6DBE4hg8toFIO0/06SxyKCPgQSEC+QDKaxfjtVDwWUvsOg9znUXhR9JzLs9YEYsYRCS+dBe3gN6wAv9fX1NUCPiuOCtPrIZONmf/ywaj/ECqWUsyZBQt2Z5AWq9i+II9s6yv6PwbxtQHq8ylaDTzf2lh4+Be0Yj30CaLdnN9d/I1gwElLziTNmYV8qIGO9hMQNaW/5Ng== Received: from ([]) by over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Thu, 23 Jun 2016 08:18:09 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6ujb3doj4mwbngmp2xjutilwl4zbdio3;; t=1466695087; h=Date:Message-Id:From:To:Subject:Content-Type:MIME-Version; bh=4tZOI5IcIJH6KzuihozeMA2mRiGeX0f33OqP00JWvEQ=; b=U1FY935Tju9bVHueEijnMqjSI0Gv5WVCSLnTD+H4uow7hwyFf9xEv1Vt7WT3j8fN iB/twgDrYj+l1dCqvMgpg0/tVDky8udiGhHvw62kBuPhQ5Kk3iiel8Qhl7ZO5L0HQog pDelB8Fvtox0Or8OksG1x+xzOI42SaHRDoErrnkc= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx;; t=1466695087; h=Date:Message-Id:From:To:Subject:Content-Type:MIME-Version:Feedback-ID; bh=4tZOI5IcIJH6KzuihozeMA2mRiGeX0f33OqP00JWvEQ=; b=lXB7ldM2ttEo1Rekv0AapBZqJNlioSiskpkbvYDquHZS58hsFweC254htjLbmQvL Z+1ccqxI1zAHgtvJ1VYeaTNpWiiTr6E4KmPCTWw9abAbDaNk2hJfE38JOsTB0I11sgw T0zr5QV8Truu/w0aCWV90aMhu4dFUAR8PXl2ipUA= X-Mailer: Nodemailer (0.7.1; +;


Date: Thu, 23 Jun 2016 15:18:07 +0000 Message-ID: <> Content-Language: en X-Link:<myemailhere> From: "Firefox Accounts" <> To: <myemailhere> Subject: New sign-in to Firefox Content-Type: multipart/alternative;


MIME-Version: 1.0 X-SES-Outgoing: 2016.06.23- Feedback-ID: Return-Path: X-OriginalArrivalTime: 23 Jun 2016 15:18:09.0276 (UTC) FILETIME=[73252BC0:01D1CD62]


Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable

New sign-in to Firefox

Firefox 18 2016-06-23 15:18 UTC

This is an automated email; if you didn't add a new device to your = Firefox Account, you should change your password immediately at =<myemailhere>. For more information, please visit https://support.mozilla.= org/kb/im-having-problems-with-my-firefox-account

Mozilla. 331 E Evelyn Ave, Mountain View, CA 94041 Mozilla Privacy Policy


Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

<meta =="" charset="3DUTF-8=22" content="3D=22text/html;" http-equiv="3D=22Content-Type=22"> <title>Firefox Accounts</title>


New sign-in to Firefox

Firefox 18
2016-06-23 15:18 UTC

This is an automated email; if you did not authorize this action, = then '''=22 style=3D=22color: #0095dd; = text-decoration: none; font-family: sans-serif;=22>please change your = password. For more information, please visit Mozilla Support.

Mozilla. 331 E Evelyn Ave,= Mountain View, CA 94041
Mozilla Privacy= Policy

more options

The link looks legit. Still hard to understand that the other device identified itself as Firefox 18. ??

more options

well, that was the reason why i've asked is there any chance to get IP/location of the device which tried to log in.. because it looks all legit to me as well...

more options

I don't know. If you didn't already get that information in the email, it might not be publicly available. What I mean is, it might only be logged on the web server and not recorded in the account interface anywhere.

more options

Hi Scr34mik, Firefox Accounts developer here. I'm sorry to say, it sounds like there most likely was an unauthorized access on your account - unfortunately we see these from time to time if e.g. your account password is re-used on other websites that have suffered a data breach [1].

I see that you've already changed your account password, which is great. If you stored other passwords in Firefox Sync, I would recommend changing those passwords as well as described in [2].

In terms of learning what IP accessed your account, we can dig into the server logs if you file a bug at [3] and let us know the email address used on the account. Since it's sensitive log information, we'll need to discuss it in a private bug rather than on the support forum.

We're also working on making such information more easily accessible, by including it in the "new sign-in" notification email directly, and by providing a simple dashboard where you can review the security history of your account. We hope to have this features shipping soon.

[1] [2] [3]

more options

Hello rfkelly, thank you for posting an answer. I've created a new bug report with number 1283084.

Id also like to add that Mozilla need to add 2 step verification with mobile phone to each sign in to firefox sync...

more options

We are indeed working on adding 2FA, in two stages. The first will be simply an email confirmation loop where you need to click a link to confirm each new signin to sync. Once we have that flow working well and in a backwards-compatible manner, we will move towards adding additional methods of verification such as via mobile.