09.04.2021

Blexrian builds Facebook breach checker

A graphic with images relating to data security

Want to check whether your personal information is part of the latest social media data leak? Thanks to one of Blexr’s web developers, now you can do just that.

Jorrit Klein Bramel, a Dutchman who has been living in Malta for about six years, has designed a website in his own time called haveibeenzuckered.com to allow the public to see whether their phone number has been involved in a data scrape of Facebook.

This breach occurred some time ago, and Facebook says it fixed the problem in August 2019, but not before personal information had been taken from 533 million Facebook accounts across 106 countries.

This is mainly said to have involved the harvesting of phone numbers and several million email addresses.

Providing a service

Jorrit, who has worked at Blexr for about 18 months and is one of our DevOps engineers, used the Easter weekend when the news of the breach broke to build a website that can safely and anonymously check phone numbers against the leaked database, which is now widely available via a standard Google search.

“I’m incredibly interested in security and thought it was important that people should be able to check whether or not their phone number is in the data leak,” he said. 

“Being aware of different methods and technologies that can protect people’s privacy, I saw an opportunity to build something that could be useful and secure at the same time. 

“I wanted to provide a service and make people aware of security, make them realise that you shouldn’t just type your phone number into anywhere that asks you to.”

Anonymous searches

Jorrit’s site uses a process called “hashing” which makes sure any phone numbers entered into the search are encrypted and not stored or shared.

It also employs a technique called “k-anonymity” which means the site’s server only receives the first five characters of the strings of randomly generated characters. These are then used to scan the leaked numbers and to see if the phone number corresponding to those strings has been leaked.

While you can only check your phone number on Jorrit’s site, the scrape actually harvested a lot more information than that. The leak is said to include people’s first and last names, their date of birth, their location, their job and relationship status – at least from the time when the data was taken from Facebook by hackers. 

“The only thing you can do now is to be wary of scam calls or texts,” Jorrit added. “People should enable two-factor authentication on their online accounts and social media profiles, to block anyone who tries to use your phone number to access an account of yours.

“The easiest way you can protect your data is to not give it away. These days with GDPR it’s getting better, a lot of companies are being more mindful of the information they request. But be careful who you give your personal information to online.”