Hi q, Firefox Monitor allow adding secondary addresses, in addition the primary address for your Firefox Account. It sounds as though you already checked on the Preferences page here:

https://monitor.firefox.com/user/preferences

What about on your Firefox Account settings? Is the old address set up as a secondary address over there?

https://accounts.firefox.com/settings/emails

Otherwise, I have no idea why you would get notifications for other addresses, unless there was something else that links the two.

jscher2000 said

Hi q, Firefox Monitor allow adding secondary addresses, in addition the primary address for your Firefox Account. It sounds as though you already checked on the Preferences page here: https://monitor.firefox.com/user/preferences What about on your Firefox Account settings? Is the old address set up as a secondary address over there? https://accounts.firefox.com/settings/emails Otherwise, I have no idea why you would get notifications for other addresses, unless there was something else that links the two.

Nope, it was not on either of those pages. It was not my secondary email. It was my old email which I had changed, and was not even being monitored on my dashboard (although the current address, I just created, so it was impossible that it was in a data breach, so I'm assuming the notice was for my old email).

I'm not clear about the last part: "I'm assuming the notice was for my old email". But if you never registered for alerts about that address, then it wouldn't make sense to assume that?

You can do an anonymous search -- without having to verify an address -- on either:

• https://monitor.firefox.com/ (right-click > Open Link in Private Window)
• https://haveibeenpwned.com/ (data provider for this service)

It seems worth checking both your old and new addresses.

jscher2000 said

I'm not clear about the last part: "I'm assuming the notice was for my old email". But if you never registered for alerts about that address, then it wouldn't make sense to assume that? You can do an anonymous search -- without having to verify an address -- on either:

• https://monitor.firefox.com/ (right-click > Open Link in Private Window)
• https://haveibeenpwned.com/ (data provider for this service)

It seems worth checking both your old and new addresses.

I signed up for alerts for my OLD email, but when I checked my dashboard, that email address was no longer there under monitored emails and I had to add it again.

jscher2000 said

I'm not clear about the last part: "I'm assuming the notice was for my old email". But if you never registered for alerts about that address, then it wouldn't make sense to assume that? You can do an anonymous search -- without having to verify an address -- on either:

• https://monitor.firefox.com/ (right-click > Open Link in Private Window)
• https://haveibeenpwned.com/ (data provider for this service)

It seems worth checking both your old and new addresses.

Another thing I just realised: the breach is from BEFORE I even registered the email address that the breach is apparently for, so before it even *existed*. (And yes, I also realised that the *actual* email compromised was my secondary email, but that is *not* what the email said.)

This isn't a huge issue to me, I'm only posting about it because I think sending emails intended for a current address to an old address is a bug and security issue.

Is it possible your new email address belonged to someone else previously and they let it go, making it available to you? Some services probably make that impossible, but I don't know whether all of them do.