Firefox Monitor Scam??

PaulSB

Legendary Member
I have received an email from Firefox Monitor which I had never heard of or signed up for. I've Googled and discovered Firefox Monitor is legitimate.

The email warns me of a data breach involving my email address and People's Energy my energy supplier.

I'm going to contact People's Energy but I'm interested to know if the email is a scam? Any experience out there?
 

bruce1530

Veteran
Location
Ayrshire
There certainly was a data breach at People's Energy in Dec last year - https://peoplesenergy.co.uk/help/data-breach - details of around 360,000 customer accounts were released. This data is now effectively public knowledge. :angry:

Data exposed includes: Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses.
People's Energy should be contacting customers directly.

To see if you were impacted, check out haveibeenpwned.com.

Firefox monitor appears to offer a similar service, although it's not one I've used before.
 
Good morning

I am not sure about Firefox but Chrome does this.

https://security.googleblog.com/2020/10/new-password-protections-and-more-in.html

Yes, Google does store your username and password for sites that you visit on a central server, but don't worry it is encyrpted. :-)

Passwords are often the first line of defense for our digital lives. Today, we’re improving password security on both Android and iOS devices by telling you if the passwords you’ve asked Chrome to remember have been compromised, and if so, how to fix them.
To check whether you have any compromised passwords, Chrome sends a copy of your usernames and passwords to Google using a special form of encryption. This lets Google check them against lists of credentials known to be compromised, but Google cannot derive your username or password from this encrypted copy.

We notify you when you have compromised passwords on websites, but it can be time-consuming to go find the relevant form to change your password. To help, we’re adding support for ".well-known/change-password" URLs that let Chrome take users directly to the right “change password” form after they’ve been alerted that their password has been compromised.


This doesn't necessarily mean that the site you are visiting has had a breach, although it can do, but that the user name or password is known to have been exposed.

So if you log into every site with the same username and password you will get the security message a lot. :-)

In reality if your password has been sold on a bit you are likely to get an email saying that I have hacked your device and have a web cam recording and screen capture of you watching porn, give me some bitcoins or I will distribute this video and the password will be in the subject line or somewhere prominent in the message to give the email some credibility
.
Bye

Ian
 
Last edited:

Drago

Flouncing Nobber
Location
Poshshire
It looks like a scam, smells like a scam, so it is reasonable to presume that we have on our hands a scam

Delete the email (without even opening it if possible - a preview pane is always a good idea), and then change all your passwords.

In the very unlikely event it's pukka, then you've done the right thing already.
 
OP
PaulSB

PaulSB

Legendary Member
It looks like a scam, smells like a scam, so it is reasonable to presume that we have on our hands a scam

Delete the email (without even opening it if possible - a preview pane is always a good idea), and then change all your passwords.

In the very unlikely event it's pukka, then you've done the right thing already.
Yep, my feeling is it's a scam though I am calling People's Energy at the moment, mainly because I want to change tariff but I'll ask the question. I already use a password manager so changing everything is easy and I'm confident I'm secure. I was horrified a few months ago to discover how much Google had stored for me......very helpful.
 

bruce1530

Veteran
Location
Ayrshire
It is probably not a scam. Firefox monitor (although I've never used it) appears to be checking your email address (which you probably use to log in to Firefox) against the "haveIbeenpwned" database. The People's energy breach details were added to HaveIBeenPwned yesterday or the day before.

The fact that you use a password manager is irrelevant - this is a data breach at People's Energy.

If you're really concerned about the message, feel free to drop me a line via direct message and I'll have a closer look - I do this stuff for a living.
 

kynikos

Über Member
Location
Elmet
That checking website is a bit dubious. I only created my email address in December 2020, yet it tells me of a hit in 2016. Short of having a time mahine...
... or whoever had nobber@hotmail.co.uk got hit in 2016 and deleted the account only for hotmail to release it back into the available pool of addresses in 2020... :biggrin:
 
Top Bottom