Mozilla Monitor - Frequently asked questions

Mozilla Monitor Mozilla Monitor Last updated: 81% of users voted this helpful

Mozilla Monitor is a data breach notification service offered by Mozilla that warns you if your online accounts have been involved in a data leak. Using the Have I Been Pwned database, Mozilla Monitor keeps track of known data breaches and notifies you if your online accounts are compromised, providing guidance on how to proactively protect yourself going forward.

Table of Contents

General questions about data breaches

What exactly is a data breach?

A data breach happens when personal or private information gets exposed, stolen or copied without permission. These security incidents can result from cyber attacks on websites, apps or any database where people's personal information resides. A data breach can also happen accidentally, like if someone's login credentials get posted publicly.

Why am I in this breach?

Hackers often target massive companies with millions of users to get as much personal information and credentials as possible. These hackers look for a security weakness — the digital equivalent of leaving a door unlocked or window open. Once they find that one door or window, they steal or copy as much personal information as possible. We don't always know what they intend to do with the data, but they will try to find a way to profit from it. While the effects are not usually immediate, the long-term effects can be severe.

Data breaches often lead to digital identity theft. Once hackers access your personal information, such as emails and passwords, they might try to impersonate you, leading to financial and emotional stress.

What information gets exposed in data breaches?

Not all breaches expose the same information. It just depends on what hackers can access. Many data breaches expose email addresses and passwords. Others expose more sensitive information, such as credit card numbers, passport numbers and social security numbers.

Do I need to be worried if my information gets exposed during a data breach?

You should take steps to protect your personal information and accounts. If your password and email address get exposed, hackers can sell that information on the dark web to the highest bidder. Whoever buys that information can try to use it to gain access to your other online accounts. These cybercriminals may try to steal your identity, make purchases or take out loans in your name.

Do I need to do anything if a breach happened years ago or in an old account?

You should still take steps to protect yourself. Sometimes it takes years for credentials exposed in a data breach to surface on the dark web. If you haven't changed your password on the affected account yet, do that immediately. If you use that password elsewhere, you should change those too. Otherwise, hackers can use your login details on other websites.

I just found out I'm in a data breach. What do I do next?

Hackers rely on people reusing passwords, so it's important to create strong, unique passwords for all your accounts. Keep your passwords in a safe place that only you have access to; this could be the same place where you store important documents or a password manager. Visit How to stay safe on the web and What to do after a data breach to learn more.

Does my anti-virus software protect me from data breaches?

Antivirus software can't prevent data breaches from happening. It scans your computer for viruses and other malicious software but can't prevent anyone from gaining unauthorized access to your online accounts. Cybercriminals hack the websites themselves, not your computer. Antivirus software cannot:

  • Prevent someone from hacking into a website and stealing your login credentials.
  • Prevent someone with your password from logging in to one of your accounts.
  • Always detect scam or phishing emails that prompt you to enter your email address and password.

About Mozilla Monitor breach monitoring

Why did it take so long to notify me of this breach?

It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. We send notifications as soon as a breach is discovered, verified and added to our database.

I don't recognize this company or website. Why am I receiving notifications about this breach?

There are several reasons why you might not recognize the company or breach name:

  • The site may have changed names or been sold to a new company.
  • It could be an old account you forgot about.
  • Someone may have created an account for you.
  • The breach may be a combolist. A combolist is a collection of different data breaches. Hackers combined the passwords and email addresses from many data breaches into one single list.
  • A data aggregator was breached. These companies collect your information from other sources. Data aggregators compile publicly available data and buy customer data from other companies. You may have an account with a company that sold your information to a data aggregator.

How do I know these emails are from Firefox, not a hacker?

Check the email address in the sender's field. Mozilla Monitor emails will always come from breach-alerts@mozilla.com. Firefox will never ask you to enter your login credentials or password in an email. Most online services won't ask you to enter your login info directly from an email. If they do, you should instead go directly to their website to sign in.

How does Mozilla Monitor treat sensitive sites?

Email addresses involved in sensitive site breaches are not publicly searchable for privacy reasons. You must be signed in or subscribed to Mozilla Monitor alerts. To find out if your info appears in a sensitive breach, you'll need to sign up for an account through Mozilla Monitor and verify your email.

How does Mozilla Monitor know I was involved in these breaches?

Mozilla Monitor gets its data breach information from a publicly searchable source, Have I Been Pwned. If you don't want your email address to show up in this database, visit the opt-out page.

Does Mozilla Monitor know my passwords?

Mozilla Monitor does not know your passwords. It keeps your data anonymous when it transfers breach data to you. Read more about our k-Anonymity technique.

How far back do data breaches in the Mozilla Monitor database go?

Mozilla Monitor searches for your email in publicly-available data breaches back to 2007.

Can I use Mozilla Monitor on other browsers like Chrome or Safari?

Yes. Mozilla Monitor works on all browsers. You can sign up for a Mozilla account on any browser, and we'll monitor your email for data breaches.

How comprehensive is Mozilla Monitor's breach database?

Some breaches may not appear in our database because they haven't been discovered yet. Others might not appear because Have I Been Pwned, our breach source, hasn't been granted access to the details about a particular breach. If a company where you have an account notifies you of a security incident, read the details closely and follow their recommended actions to protect your account.

Do I need to sign up for a Mozilla account to get Mozilla Monitor alerts?

Yes. However, you may search your email address in publicly available data breaches without signing up for an account. To sign up for alerts about future breaches and to get your detailed report, you'll need to sign up for a Mozilla account on monitor.mozilla.org.

We absolutely do not want this to negatively impact or not work well for people who have changed their name or might have multiple names. We are working on this post-release and sincerely apologize we don’t have the functionality available today but it is a high priority for us.

How much does Mozilla Monitor and Monitor Plus cost?

Mozilla Monitor is a free service provided by Mozilla as part of its security products portfolio, along with the subscription products Mozilla VPN and Relay. You can also opt for a more robust protection by selecting the premium feature Monitor Plus that provides automatic removal of exposures keeping you safe from data breaches and data brokers, and a monthly protection scan to keep you continuously safe. You can get Monitor Plus for $13.99 with our Monthly plan or $8.99 per month with our yearly plan.

Will Mozilla Monitor protect me from data breaches?

No one — not even Firefox — can prevent data breaches from happening. We can alert you about breaches that affect you. We can help you understand what you need to do to mitigate the risks. We can recommend tools to use that make it easier to protect your information online, but you need to take action to protect your accounts. If a breach involves financial information, you'll need to monitor your financial accounts and credit reports for anything suspicious.

What kinds of websites sell my personal information?

Certain websites are in the business of collecting and selling people’s personal information without their consent, which is unfortunately legal in the US. These sites are called data brokers and they make up a 240 billion dollar industry. They use sophisticated methods to collect personal, financial, location and even health information, often without your consent or even your knowledge. They’ll sell what they’ve collected to third parties, profiting from your information and leaving you open to violations of your privacy and security.

What information do these websites collect about me?

They collect all the personal information about you that they can: legal name, email address, home addresses, phone numbers, family information, financial details, health details, browsing history, purchase history, and more. With this information, they’ll create a profile about who they think you are, package your profile up with similar profiles, and sell it for a profit.

How does my personal information get collected?

Sites that sell your personal information may find that info in government and public records such as real estate transactions, court records, marriage certificates and business licenses. They may also purchase it from other sites, such as an app or social media site that you use or a loyalty program you’ve signed up for. They can even pay companies to place trackers directly on other sites to gather information about your online habits. This shows just how important it is to reduce your digital footprint and take steps to protect your online privacy.

What can these websites do with my personal info?

Typically, these sites make money by selling your personal information. This can lead to more spam emails, robocalls and junk text messages. It could publicly expose your physical home address and personal contact information. And in a worst-case scenario, you could become a victim of identity theft or fraud.

Even if a site doesn’t sell your information, they are an attractive target for hackers, which could compromise your information and put you at risk. One major example is the 2018 security breach of Apollo, a sales engagement startup with a database of 200 million contacts at 10 million companies. This security breach exposed the names, job titles, employers, social media handles, phone numbers and email addresses of 200 million people. This breach is a great example of how you can protect yourself by getting off of these websites’ lists in the first place. The less people who have access to your data, the better.

How do I manually remove my personal information from websites that are collecting and selling it?

Most sites will allow you to request removal of your personal information from their site, and the process varies from site to site. Some may have an opt-out form online, while others may require you to mail a letter.

However, it’s important to note that these requests only ask the sites themselves to remove your information. If it’s available in public records, they may add your information again in the future from a different source. You may need to periodically request removal over time.

Start by visiting the site who has published your information and search for removal or opt-out instructions. You’ll have to make a separate removal request for every site you want to opt out of.

If you’d like Monitor to handle these removal requests on your behalf, and continually monitor to make sure they don’t add you back to their list, you can upgrade to Monitor Plus.

How can Mozilla Monitor help remove my personal information from sites that sell it?

We search for your personal information across 190 major data broker sites that sell personal info, and show you the information that each has collected about you. Then we can help you remove it.

Removing your information from these sites is typically a time-consuming, ongoing manual process. Once you identify which of them are storing your information, you’ll need to contact each one individually and request that they remove your profile. However, even if your data was removed from one of these sites, it may reappear at a later date if they find or purchase new information about you. These sites regularly collect data, and removal of your information does not necessarily prevent many of these sites from adding it again later.

For customers of our premium service, Monitor Plus can do this for you. Once a record is found, we’ll automatically send a removal request and follow up with the site to track the status of the removal. We’ll continually monitor these sites to make sure they don’t add you back to their list. And if they do, we’ll take care of it for you. If the information isn’t removed within 120 days, we’ll show you how to follow up on the request.

Why do you need my personal info?

We ask for your personal information so we can search for it on sites that sell personal information. We only use this data in order to find where it’s being exposed on these sites. We never sell your information and our Personal Data Promise means we implement security measures to keep your personal info safe, and design products that prioritize your privacy.

How long does it take for Mozilla Monitor to remove my information from these sites?

As soon as we identify which sites have your information, we get to work requesting removal. Removals can take some time depending on the responsiveness of the site, and the steps they have set up for processing a removal. You may start to see removals happening within the same day but some can take longer depending on the data broker compliance.

For paid subscribers, we re-check every month to make sure they don’t add you back. Since data brokers constantly re-add new information they find about you, it’s an ongoing process and you can rest assured that no matter how many times your name reappears on a site that’s selling it, we will work to remove it on your behalf.


From which sites does Mozilla Monitor remove my personal information?

We currently remove personal information from 190 of the most common data broker sites which are most likely to have your information, with more to come in the future.

No, we can’t remove your personal info from search engines like Google or even social media sites like Facebook. In general, we cannot remove your information from services where you’ve signed up for an account, or from government websites that have publicly-available information. However, removing your personal data from data brokers will help reduce how much of it appears in search results.

I’ve lived in multiple places. What city and state should I use?

You should use your most recent city and state. These sites may have collected multiple addresses for you, so even if you only add your most recent address, you may find records of places you’ve lived in the past. Adding your birthday can help improve the accuracy of your results by reducing the chance of you finding profiles of people with the same name as you.

In which countries is personal information auto-removal available?

This feature is available only for Mozilla Monitor Plus customers in the United States.

How does continuous data removal work?

For our Monitor Plus users, we use the information you have provided about yourself (name, location and birthdate) to search across 190 data broker sites that sell people’s private information. If we find your data on any of these sites, we initiate the request for removal. Data removal can take anywhere from a day to a month.

What do the different statuses mean in my personal info exposure scan?

“In progress” means that our automated removal process is underway, which typically takes 7–14 days. “Fixed” means that we have successfully removed your personal information from the site selling it.

To better understand the different statuses for Monitor, take a look at the Monitor status indicators article.

Why does it take so long to remove my personal information from these sites?

Partly this is because these websites do not rush to remove your information; they don’t legally have to, and they make money by selling it. They also may quickly re-add your information by collecting it from a different source. Getting your information removed is an ongoing, continuous process: that’s why Monitor Plus subscribers get monthly scans and continuous auto-removals.

Why do I see my information on a site that Monitor had already removed me from?

These websites regularly collect data from different sources. Even if you removed your info, they may find or purchase your information from a new source and add it again. This is why we do monthly scans for exposures of personal information for our Premium users, and continually work to remove anything we find. We make sure your information is removed, and make sure it stays that way.

What happens when I unsubscribe from Monitor Plus?

Any personal information we’ve collected will be deleted, and you’ll no longer receive monthly privacy protection scans for sites that sell your personal information. Any in-progress removals will end as well. However, you’ll still be able to track data breaches for up to 5 email addresses, and we’ll still guide you through fixing them and protecting your data.

Why is data removal only available in the US? When will it be available in my country?

Data removal is only available in the US because of legislation that allows data brokers to operate there. In many other countries and in regions like the EU, laws like GDPR prevent these websites from collecting and selling people’s personal information without their consent. We’re exploring ways to expand protection and personal data removal outside of the US where needed.

Why do you remove personal information exposures automatically, but make me fix data breaches myself?

Many data breaches expose your passwords and even sensitive info like your bank information or your social security number. Fixing these data breaches requires manual steps that only you can do – like creating a new password, calling your bank, or freezing your credit. We will guide you through the process of fixing data breaches that require these manual steps.

Related articles

Learn more

Was this article helpful?

Please wait...

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More