Troy Hunt, the security expert behind Have I Been Pwned, confirmed the news, tweeting that "yes, we're doing some awesome things with @mozilla and @haveibeenpwned." The update is still in the early stages, but you can download it from GitHub, then compile and add to Firefox if you want to test it out. Bear in mind that it only works with the Developer Edition, though.
The add-on is fairly basic, for now. If you visit a site on Have I Been Pwned's naughty list, it will throw a flag stating, "You visited hacked site ashleymadison.com." It won't stop you from entering, but it does give users an idea that, at some point or another, the site's security procedures were less than optimal.
Hunt is working with Mozilla on the code, but isn't quite sure how the final feature will work. "Firefox is just looking at which sites have been been breached and we're discussing other ways of using the data in the future," he told Engadget in a message. "They've got a broad reach and surfacing this info via Firefox is a great way to get more exposure around data breaches."
Hacked sites, on the other hand, might not be too thrilled about a feature that will shame them about their previous lax security. However, if properly implemented, it could provide a very useful service to consumers, letting them know that they might need to change their password and not recycle the breached one. So far, Hunt tweeted, users have responded enthusiastically. "Wow, surprised at how much positive feedback this is garnering so quickly, I'm pretty stoked."