Open eliserichards opened 4 years ago
In desktop, we have a LoginBreaches module with a getPotentialBreachesByLoginGUID function. The logic in there should hopefully be descriptive and self-explanatory, but ping me with any questions about it.
It uses breach data from the fxmonitor-breaches collection from Remote Settings. That collection is populated by an updatebreaches.js cron job running on the Firefox Monitor server, which gets its data from the public HIBP JSON endpoint.
If Lockwise can't access Firefox Remote Settings, it could use the HIBP JSON directly. But the feature would definitely need a privacy review, because even though the GET request to HIBP leaks nothing about sites or credentials, it does effectively send a ping to a 3rd party.
User Story
Dependencies
Acceptance Criteria
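An added example, not part of the original issue and not the desktop LoginBreaches code: a sketch of matching saved logins against breach records entirely on the client, so only the download of the full breach list touches the network. It assumes records shaped like the public HIBP breach model (Name, Domain, BreachDate, DataClasses) and a hypothetical login shape { guid, origin, timePasswordChanged }; the function names and matching rules are assumptions.

```javascript
// Added example: function names and the login shape are hypothetical.
// Constructed sample data, not real breach records.
const SAMPLE_BREACHES = [
  { Name: "ExampleCo", Domain: "example.com", BreachDate: "2019-03-01",
    DataClasses: ["Email addresses", "Passwords"] },
  { Name: "NoPasswords", Domain: "example.org", BreachDate: "2019-06-01",
    DataClasses: ["Email addresses"] },
  { Name: "NoDomain", Domain: "", BreachDate: "2019-06-01",
    DataClasses: ["Passwords"] },
];
const SAMPLE_LOGINS = [
  { guid: "a", origin: "https://login.example.com", timePasswordChanged: Date.UTC(2018, 0, 1) },
  { guid: "b", origin: "https://example.com", timePasswordChanged: Date.UTC(2020, 0, 1) },
  { guid: "c", origin: "https://example.org", timePasswordChanged: Date.UTC(2018, 0, 1) },
  { guid: "d", origin: "https://notexample.com", timePasswordChanged: Date.UTC(2018, 0, 1) },
  { guid: "e", origin: "not a url", timePasswordChanged: Date.UTC(2018, 0, 1) },
];

// Match the exact host or a subdomain, never a bare suffix
// ("notexample.com" must not match "example.com").
function hostMatchesDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Returns Map<guid, breach> for logins whose password predates a breach
// of the same site that exposed passwords.
function potentialBreachesByLoginGUID(logins, breaches) {
  const relevant = breaches.filter(
    (b) => b.Domain && Array.isArray(b.DataClasses) && b.DataClasses.includes("Passwords")
  );
  const result = new Map();
  for (const login of logins) {
    let host;
    try {
      host = new URL(login.origin).hostname.toLowerCase();
    } catch {
      continue; // malformed origin: skip rather than guess
    }
    const hit = relevant.find(
      (b) =>
        hostMatchesDomain(host, b.Domain.toLowerCase()) &&
        Date.parse(b.BreachDate) > login.timePasswordChanged
    );
    if (hit) result.set(login.guid, hit);
  }
  return result;
}
```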