Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

Pesquisar no apoio

Evite burlas no apoio. Nunca iremos solicitar que telefone ou envie uma mensagem de texto para um número de telefone ou que partilhe informações pessoais. Por favor, reporte atividades suspeitas utilizando a opção "Reportar abuso".

Saber mais

I received a breach alert from Mozilla Monitor 4 months after breach occurred - was this a bogus alert?

  • 3 respostas
  • 1 tem este problema
  • 180 visualizações
  • Última resposta por James
  • Open

Patrick
Patrick

Today (February 25, 2026) I received an email notice, apparently from Mozilla Monitor, advising me that my "Email addresses, Partial credit card data, Passwords, and Phone numbers" had been exposed in a data breach at Canadian Tire. This email seemed legitimate (the sender was breach-alerts@mozilla.com), but since it gave me a link to login to Mozilla Monitor, my first concern was that this might be a phishing email and it would be dangerous to click on that link. Instead, I went through the Firefox settings to login to my Firefox account and from there, I checked what Monitor had reported. The Canadian Tire breach was not listed there. However, when I went to haveibeenpwned.com, the Canadian Tire breach was listed there. It showed that the breach occurred on October 25, 2025. So why was the breach not listed for me on Mozilla Monitor? And why would I have received an alert from Monitor 4 months after the breach? Was this breach alert notice actually a phishing scam perpetrated by someone using the information from haveibeenpwned.com as bait?

Today (February 25, 2026) I received an email notice, apparently from Mozilla Monitor, advising me that my "Email addresses, Partial credit card data, Passwords, and Phone numbers" had been exposed in a data breach at Canadian Tire. This email seemed legitimate (the sender was breach-alerts@mozilla.com), but since it gave me a link to login to Mozilla Monitor, my first concern was that this might be a phishing email and it would be dangerous to click on that link. Instead, I went through the Firefox settings to login to my Firefox account and from there, I checked what Monitor had reported. The Canadian Tire breach was not listed there. However, when I went to haveibeenpwned.com, the Canadian Tire breach was listed there. It showed that the breach occurred on October 25, 2025. So why was the breach not listed for me on Mozilla Monitor? And why would I have received an alert from Monitor 4 months after the breach? Was this breach alert notice actually a phishing scam perpetrated by someone using the information from haveibeenpwned.com as bait?

Todas as respostas (3)

TyDraniu
TyDraniu
  • Top 10 Contributor

Hi, Canadian Tire has been added to the Mozilla Monitor yesterday (FEB 25), after sending emails. Definitely not a scam.

Breaches are added to HIBP after receiving information about them, not when they occur.

Patrick
Patrick Proprietário da pergunta

Thanks for this explanation. Canadian Tire’s notice on its own website is dated November, so this breach has been known publicly for at least 3 months. Still quite a lag time for it to appear on Monitor,

James
James
  • Moderator
  • Top 10 Contributor

As said on https://monitor.mozilla.org/en/breach-details/CanadianTire#delayed-reporting

Why did it take so long to report this breach? It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. Breaches get added to our database as soon as they have been discovered and verified.
Colocar questão

Deve iniciar a sessão com a sua conta para responder às mensagens. Por favor, comece uma nova pergunta, se ainda não tiver uma conta.