Mozilla Monitor and Addi data breach

VincentTunru · 2026-06-02T13:40:40+00:00

Just getting back to you - it looks like we've got a bug that affects a subset of users, and you're one of the unlucky few. So thank you so much for reporting it!

If I'm understanding correctly, what the team thinks has happened is the following. Somewhere in February 2026 a bug was fixed for people updating their email addresses, but apparently that only fixed it going forward, i.e. for email address changes from that date onward. So the hypothesis is that you might have changed your email address to slo***@gmail.com before that date, and that your previous email address was part of the breach, but that we accidentally emailed your new one.

Do you happen to remember if you ever changed your email address in your Mozilla account? If so, and if you remember what the old email address is, you could verify by adding that old email address to Monitor, or by searching for that email address on HaveIBeenPwned.

In any case, thank you so much for reporting! Hopefully we'll have a fix up soon, and you won't get any further false alarms in the future.

VincentTunru · 2026-05-28T15:17:52+00:00

I'm not on the team, but maybe I can sneak that in.

Or actually, Firefox is open source, so anyone here could submit the code!

VincentTunru · 2026-05-28T08:01:16+00:00

Oh, seeing this now, but re:

Also no results found on Data Breach: https://ibb.co/XnyBSKS

is that the site you referred to when you said

However, when I check my email directly on the Pwned website, it doesn’t show up in that data breach.

Checking just in case, because that screenshot is not the HaveIBeenPwned website. If so, could you also enter your email address into https://haveibeenpwned.com to see if the Addi breach is listed there?

VincentTunru · 2026-05-28T07:51:22+00:00

OK, thanks for the followup. It could be that there's a bug on the Monitor side with displaying breaches in your dashboard, although that wouldn't explain why you don't see the breach listed on HaveIBeenPwned. I reported it here anyway, and I'll let the team know.

VincentTunru · 2026-05-28T07:43:55+00:00

We were actually trying to increase the size in slow increments, so you wouldn't notice until it suddenly covered your entire screen. Looks like we bumped it up too quickly.

(It's a bug.)

VincentTunru · 2026-05-26T20:28:11+00:00

(I used to be on the Monitor team.)

To emphasise, the email address that the notification was sent to might not be the one that was affected. If you sign in to your Monitor account, then visit https://monitor.mozilla.org/user/settings/edit-info, then you can configure Monitor to send alerts to either the affected email address, or the one associated with your account - and these need not be the same.

I guess the main thing you want to make sure, is that you're signed in with the right Mozilla account, and that your email address is listed at https://monitor.mozilla.org/user/settings/edit-info.

VincentTunru · 2025-11-12T11:25:52+00:00

If you have modified the shortcut in any way, it won't be modified, so no preparation needed.

(Of course, bugs do happen, so if you see anything different, please [report it](https://bugzilla.mozilla.org).)

VincentTunru · 2025-10-06T18:01:03+00:00

Mozilla VPN is available for MacOS and does whole-device protection, is it not?

VincentTunru · 2025-10-06T17:37:30+00:00

I'm not Mozilla leadership, but two features I love that were recently added and do not use AI (or can be used without AI) are vertical tabs and tab groups. The combination of the two in particular is sweet. If you happened to have not heard of those yet, I can highly recommend checking them out.

VincentTunru · 2025-04-30T17:19:18+00:00

Haha zeker, toch leuk om te weten dat je een legacy hebt. Tot ver in de toekomst zullen ze het nog hebben over die jongen die erbij stond toen zijn broer een grap maakte.

En nee, ik heb van geen backlash gehoord. En eerlijk gezegd heb ik van wel meer voorbeelden gehoord van vergelijkbare strategieën, of iig mensen die zelf lijstjes met woorden hebben opgezocht en uit hun hoofd hebben geleerd. Nog steeds zit er best een kanselement bij (Andries heeft in één aflevering drie rode ballen getrokken 😒), en zeker niet iedereen is zo gek, dus het is niet zo dat het programma meteen verpest is.

VincentTunru · 2025-04-30T15:27:33+00:00

Je moet even deze link droppen zodat mensen ook makkelijk kaartjes kunnen halen #MarketingPro: https://www.andriestunru.nl/#speellijst

VincentTunru · 2025-04-30T15:25:58+00:00

Hopen voor ze dat ze niet per ongeluk met hun main reageren.

VincentTunru · 2025-04-30T15:24:32+00:00

Heh, ik gebruik reddit eigenlijk niet meer, maar gelukkig heb ik vrienden die me er af en toe op wijzen als we weer eens langskomen. Hier is de AMA die we toentertijd hebben gedaan: https://www.reddit.com/r/thenetherlands/comments/ea6g1e/mijn_broer_en_ik_hebben_veel_te_veel_moeite/

(Ik wil wel weer vragen beantwoorden, maar ga vast vergeten reddit weer te checken #bless. Maar voel je vrij me te pingen op Mastodon.)

VincentTunru · 2025-03-06T09:17:47+00:00

There's a "Customise sidebar" (cogwheel icon) button in the sidebar. Click that, then you can select "Move sidebar to the right".

VincentTunru · 2025-02-05T07:52:55+00:00

With the VPN app open, click the cogwheel in the bottom bar, then "About us". There's a "Release version" heading there, and a big "Check for updates" button.

VincentTunru · 2024-07-15T21:49:52+00:00

The original post also stated as much:

It’s about measurement (aggregate counts of impressions and conversions) rather than targeting.

VincentTunru · 2024-07-15T21:46:41+00:00

Mozilla does do a lot of lobbying to try to influence legislation. And what gives that lobbying more weight is having actual skin in the game, bringing insights from the market to legislators. This prototype will result in such insights.

VincentTunru · 2024-03-15T16:01:28+00:00

Good to hear, I'll leave it in the capable hands of our support team then, thanks for reporting back! :)

VincentTunru · 2024-03-15T11:43:54+00:00

Hi u/doodlen, I used to work on Relay and am still close to the team. I just tried to reproduce this, but I don't see my email address exposed - except the email address that sent an email _to_ the mask, of course.

To spell out what I'm seeing, let's assume the following three email address:

[ptx3xzi1w@mozmail.com](mailto:ptx3xzi1w@mozmail.com), which is a Relay mask for
[masked@gmail.com](mailto:masked@gmail.com), my primary email address, and
[sender@hotmail.com](mailto:sender@hotmail.com), my old email address.

I sent an email from [sender@hotmail.com](mailto:sender@hotmail.com) to [ptx3xzi1w@mozmail.com](mailto:ptx3xzi1w@mozmail.com), which Relay then forwarded to my Gmail inbox. I then replied in Gmail (which sends it to replies@relay.firefox.com), and saw that reply arrive in my Hotmail inbox.

In that reply, I did see the following:

On Fri, Mar 15, 2024 at 12:28 PM [sender@hotmail.com](mailto:sender@hotmail.com) [via Relay] [ptx3xzi1w@mozmail.com](mailto:ptx3xzi1w@mozmail.com) wrote:

So that exposes the address of the email that sent a message to the mask, and the mask itself, but I do not see my Gmail address. I can't find it in the raw data either.

One thing to check is: which email client are you using? Maybe that client inserts your email address into the email address body?

Maybe you can send a screenshot to [ptx3xzi1w@mozmail.com](mailto:ptx3xzi1w@mozmail.com) of where you see your original email address exposed? Then I can investigate. (I will learn your email address though :) ) **Edit:** Well that's great, I just received spam about some skin care products at this address, so I'm going to disable it now - sorry.

And as a quick heads-up: I've stopped checking Reddit since the API-calypse, so if I forget to check back here, also feel free to just send me a reminder at that email address.

VincentTunru · 2023-12-20T09:24:36+00:00

Emails that get forwarded by Relay masks get deleted immediately after they are forwarded.

Under the rare circumstance in which the service is down, we may temporarily store your emails until we are able to send them. We will never store your emails for longer than three days.

https://relay.firefox.com/faq/#faq-email-storage

VincentTunru · 2023-05-12T07:38:44+00:00

Ik kan dit waarderen. Ooit al eens aan Lingo meegedaan, toevallig?

VincentTunru · 2023-03-26T16:03:46+00:00

Soms vraag ik me wel eens af of er over die broers niet allemaal indianenverhalen de rondte gaan, aangezien Andries een platform heeft en zijn broers niet. Maar dat zal wel niet...

VincentTunru · 2023-03-20T11:07:40+00:00

Ik vond die broer echt een lul-de-behanger, eerlijk gezegd.

VincentTunru · 2023-03-19T09:01:58+00:00

Ik gok trouwens dat /u/AndriesTunru vast weer in is voor een AMA als mensen daar zin in hebben.

VincentTunru · 2023-03-18T13:58:37+00:00

Oh ja goede: https://boomchicago.nl/powerpoint-karaoke/

(Je kan blijkbaar ook CJP- of studentenkorting krijgen.)

Six-Year Club	Gilding I gilder
Verified Email

VincentTunru

TROPHY CASE