Firefox will tell you if your data has been breached

Firefox operator Mozilla is looking at adding a feature into the browser that would alert users if their credentials have been involved in a data breach, by integrating with Troy Hunt's haveibeenpwned.com breach database.

Its functionality at the moment - the tool is currently being prototyped - involves a notification bar that appears to users when they visit a site registered in haveibeenpwned.com as having been breached.

"This is an addon that I'm going to be using for prototyping an upcoming feature in Firefox that notifies users when their credentials have possibly been involved in a data breach," Mozilla developer Nihanth Subramanya wrote in his Github repository.

"I chose to make it a legacy addon to make it easy to port into mozilla-central in the future - it will likely involve window manipulation code."

Technical work appears to have begun on the feature earlier this week. There is no current release date for the function.

Hunt told iTnews the parties were working through the mechanics of how the feature would operate.

The two core issues are the privacy of a user's data and the technical architecture of the function.

"There are a few different ways we can do this, and we have to work out the right way so it's sustainable, so I can continue to run the website, and so we're properly addressing the privacy aspect," Hunt said.

Haveibeenpwned gets an average of 70,000 visitors to the site daily - a number that would scale up drastically should users on the world's third largest browser start constantly hitting the database.

"One way we could do it is by hitting the API, another way is making Mozilla a data custodian for the purpose of people querying [the database] - but there's privacy implications in that," Hunt said.

The pair also need to navigate how to collect a Firefox user's email address for the purpose of querying the breach database.

"You want to be conscious of someone's privacy and not just send their email address off to haveibeenpwned.com just because they browse to a website," Hunt said.

"We want to figure out the right user experience first, and then work out what the technical architecture is. We're just starting to explore the possibilities."

Hunt said he had been drawn to the partnership because it aligned with the principles of the haveibeenpwned website.

"I really like the idea. When I built this, the premise was how can we raise awareness and reach more people about their exposure. Integrating into one of the world's largest browsers is a pretty great way to do that."

He said he was not in discussions with any other web browser operators.

Hunt's haveibeenpwned launched in December 2013 and has grown to encompass 252 breached websites and 4.8 billion breached accounts.

The site allows individuals to enter their email address and identify if their details have been involved in any known breaches. Subscribers are offered a notification service that provides alerts if their information is found in a new data breach.