Closed Bug 1585629 Opened 5 years ago Closed 5 years ago

Breach notifications are not displayed for some breached websites

Categories

(Firefox :: about:logins, defect)

Product:
Firefox
Component:
about:logins
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox70 - wontfix
firefox71 --- wontfix

People

(Reporter: emilghitta, Unassigned)

References

(Blocks 2 open bugs)

Details

Affected versions

  • 71.0a1 (BuildId:20191002033852)
  • 70.0b11 (BuildId:20190930132843)

Affected platforms

  • Windows 10 64bit
  • Ubuntu 18.04 64bit
  • macOS 10.13.6

Preconditions
Access the about:logins page and add some login details for the www.kiwifarms.net or www.specials.mastercard.de and change the timePasswordChanged value from the logins.json with a value before the breach date.

Steps to reproduce

  1. Restart or Launch Firefox.
  2. Access the about:logins page

Expected result

  • A breach notification is displayed for those particular breached websites.

Actual result

  • No breach notification is displayed.

Regression Range

  • Pushlog:
    I don’t think that this is a regression

Notes
This is not reproducible on all breached websites found here . Ex: The breach notification is successfully displayed with credentials for www.linkedin.com or http://artvalue.com/

I'm guessing this is a domain mismatch… Luke, do you want to investigate?

Flags: needinfo?(lcrouch)

Tracking to keep an eye on this for now for 70.

tracking-firefox70: --- → +

Here are the two records from remote settings:

    {
      "Name": "KiwiFarms",
      "Domain": "kiwifarms.net",
      "schema": 1568662898394,
      "PwnCount": 4606,
      "AddedDate": "2019-09-17T09:48:25Z",
      "BreachDate": "2019-09-10",
      "DataClasses": [
        "Avatars",
        "Dates of birth",
        "Email addresses",
        "IP addresses",
        "Website activity"
      ],
      "id": "d7091d4d-4111-4b06-ae1e-247f66501929",
      "last_modified": 1568764869500
    },

    {
      "Name": "MastercardPricelessSpecials",
      "Domain": "specials.mastercard.de",
      "schema": 1567280497687,
      "PwnCount": 89388,
      "AddedDate": "2019-09-01T20:37:49Z",
      "BreachDate": "2019-08-20",
      "DataClasses": [
        "Email addresses",
        "IP addresses",
        "Names",
        "Partial credit card data",
        "Phone numbers",
        "Salutations"
      ],
      "id": "31977599-505a-4adf-9fd2-f8c0b3a509f7",
      "last_modified": 1567382480889
    },

Neither of them include "Passwords" in the DataClasses so it's intentional that we don't show that the login may have been compromised

Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(lcrouch)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.