> DoorDash has no mention of its massive data breach on its homepage. There's nothing on its Twitter or Facebook page, either.
> What's also weird is DoorDash's robots file (https://www.doordash.com/robots.txt) hides "/securitynotice" from Google, so people can't even search it.
@andreas WTF! Shitty company.
@andreas one thing people don’t count on yet is this from Firefox.
I don’t know what the settings are for when to trigger this popup (for all visitors or only for users who have visited a site before), but I’m pretty sure this has not been accounted for in most companies’ data breach response.
They can’t just rely on most users never hearing about a data breach anymore. No fucky-wucky with a robots.txt is gonna fix that.
@szbalint @starseeker so if a user saves their logins in Firefox, which connects with Firefox Monitor (which then relies on HIBP?), they could get notified of breaches such as DoorDash’s in Firefox via a similar in-browser notification, I think.
Yeah except the popup is not connected to the login saving in FF (I had no xkcd login but still got the popup).
However with Firefox Monitor I think people get notified via email/active means for logins they do have, not just when they visit a site.
If a data dump gets loaded into HIBP, people will get the popup for the site in FF.
@andreas Well, that's just downright malicious.
Personal instance of nitrohorse (nitrohorse.com).