> DoorDash has no mention of its massive data breach on its homepage. There's nothing on its Twitter or Facebook page, either.

> What's also weird is DoorDash's robots file hides "/securitynotice" from Google, so people can't even search it.


@andreas one thing people don’t count on yet is this from Firefox.

I don’t know what the settings are for when to trigger this popup (for all visitors or only for users who have visited a site before), but I’m pretty sure this has not been accounted for in most companies’ data breach response.

They can’t just rely on most users never hearing about a data breach anymore. No fucky-wucky with a robots.txt is gonna fix that.


@szbalint @andreas not sure how trustworthy that popup is (if it's an actual example and not a demo shot from a help page or such), given the only XKCD I know of is a webcomic that hosts zero user accounts on the site


@starseeker @andreas the xkcd web shop/forum got breached and this is a live popup from a stable version of firefox (I didn’t take this screenshot but I received this popup too myself)


@szbalint @starseeker so if a user saves their logins in Firefox which connects with Firefox Monitor [1] (which then relies on HIBP [2]?), they could get notified of breaches such as Door Dash’s in Firefox via a similar in-browser notification I think.



@andreas @starseeker

Yeah except the popup is not connected to the login saving in FF (I had no xkcd login but still got the popup).

However with Firefox Monitor I think people get notified via email/active means for logins they do have, not just when they visit a site.

If a data dump gets loaded into HIBP, people will get the popup for the site in FF.

re: Confused 

@starseeker @szbalint @andreas xkcd's forums got hacked, and those do host user accounts, and are also on the * domain
