Facebook Phone Number Lookup

Don't have time to read the whole article? Jump to the FAQ section below for everything you need to know.

Update: someone pointed out that PayPal in fact exposes the last four digits of the phone number, so this technique may work for larger countries too if the target has a phone number linked to their PayPal account.


Last month I found that it is fairly easy to expose private phone numbers on Facebook, and uncovered the phone numbers of several Belgian celebrities and politicians. Even though this trick only seems to work in small countries such as Belgium (+/- 11.2 million people), a significant number of people is affected by this simple yet reliable privacy leak.

When I contacted the good folks of the Facebook Security team with my concerns, I got an answer I didn't quite expect:

When the "who can look me up by phone" setting is set to public, your telephone number is public.

There are a few issues with this:

- The setting is set to public by default.
- It's confusing: although the phone number on your profile is set to 'only me', the 'who can look me up' setting overrules this. People believe their phone number is private, but it isn't:

This setting only indicates whether the phone number is visible on your profile. It does not indicate whether your phone number is public.

If this setting is set to 'Everyone', which is the default value, your phone number is considered public.

'Who can look me up' also implies that the person 'looking you up' already has your phone number. It suggests that someone is searching for your specific Facebook profile based on your phone number, and not the other way around.

- There is simply no 'only me' setting.

If you link your phone number to Facebook and want to lock down your privacy settings, you cannot prevent your 'friends' from still having access to it.
Despite sharing my concerns with the security team, they chose not to fix the problem. Even though I don't agree, I respect their decision. I did decide to blog about it nonetheless, as I think people should know about it.

- Many people don't even know Facebook has their phone number. While Facebook cannot simply extract your phone number from your phone, it will repeatedly ask you to verify and save your number when launching Facebook for mobile. After a colleague deleted his phone number following my findings, Facebook immediately asked him to re-enter it:

How it works

My technique uses Graph Search. Most people know that you can enter a phone number in Graph Search to get the matching user:

Simply testing every number is a tedious job that would take months. Facebook also has some strong rate limiting in place that will temporarily block further requests after +/- 1000 lookups. Sure, you could use a botnet with legitimate Facebook accounts, but I'm sure Facebook has some restrictions to tackle those, too.

STEP 1: The last two digits (1 minute)

I needed to find a way to test thousands of phone numbers at once. The fewer phone numbers I'd have to test, the faster I could get to the full number. To reveal the last two digits, I used Facebook's password reset functionality:

Facebook reveals the last two digits of the minister of home affairs, a highly ranked politician.

STEP 2: The provider number (5 to 35 minutes)

Here's a typical Belgian phone number, where X equals any digit from 0 to 9, and PP equals the provider number. I already filled in the last two digits we got in the previous step.

(Less than 400,000 possible numbers)

Provider numbers are tied to the mobile phone carrier:

Some provider numbers are more widely used than others. People working for the government most likely have a 047 number, as Proximus is the state-sponsored carrier.

At this point I wrote a program that would generate a contact list with every possible number starting with, let's say, 0479:

Then I imported this list into the 'find friends' functionality and checked the suggested friends.

There were a few "Jan"s in the list, but my target was not among them. Don't mind the '500' number: more contacts were still being imported.

No luck for 0478 either. I needed to switch accounts at this point because Facebook only allows 20,000 contacts to be imported in a short timespan. I logged into another test account, tried 0477 and got "third time lucky":

So at this point we can add the provider number:

We also have a list of 10,000 numbers of which one is the minister's number.

STEP 3: Narrowing down (10 to 15 minutes)

The final part just consists of some basic math: we have 10,000 possible numbers left, so if we check half of those numbers we can narrow down our pool to a handful of numbers, for example:

0477 0000 50 to 0477 5000 50

The target was present in this range, so this means that the fifth digit is either 0, 1, 2, 3 or 4. 5,000 [0000 to 5000] possible numbers left.

Let's divide the 5,000 numbers that are left by two once again.

Checking for 0477 0000 50 to 0477 2500 50:

No luck with the 0000 to 2500 range, so we can be sure the phone number is in the 2500 to 5000 range. We have 2,500 numbers left; splitting the pool in half each time leaves us with 1250, 750, 325, 162, 81 and eventually 40 numbers. We could continue the trial-and-error testing by splitting the pool in half down to 20, 10 and 5 numbers, but with fewer than 50 numbers left you can also test all numbers individually in Graph Search.

STEP 4: The final countdown (1 minute)

With only 40 possible phone numbers left, it is quite easy to check all the numbers that are still in the pool. Just enter them in the search bar until you hit the profile you were looking for.
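To put numbers on the risk described in steps 3 and 4, here is an added model of the search (my own illustration, not the author's tooling; it never talks to Facebook). The "oracle" is a constructed stand-in for a bulk membership check that only answers whether the target lies in a submitted batch, and the sample number 0477271850 is made up. It counts how many bulk checks, how many single lookups and how many imports (against the 20,000-contact cap mentioned above) the bisection needs. Running it with the last two digits hidden, as proposed later in the FAQ, shows how much that single mitigation inflates the cost.

```python
"""Model of how fast a leaked-digit bisection converges (added example).

Nothing here contacts any service: the oracle below is a constructed
stand-in for a batch membership check, used only to count queries.
"""
import math
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

DIGITS = 10          # Belgian mobile numbers as described on the page
BATCH_CAP = 20_000   # contacts importable per account in a short timespan (from the page)


@dataclass
class SearchStats:
    initial: int                       # pool size before bisection
    batch_queries: int = 0             # bulk "is the target in this batch" checks
    individual_queries: int = 0        # single-number lookups at the end
    imports: int = 0                   # imports needed, each capped at BATCH_CAP numbers
    history: List[int] = field(default_factory=list)   # pool size after each halving


def make_oracle(target: str, prefix: str, suffix: str) -> Callable[[range], bool]:
    """Constructed oracle: True iff the (made-up) target lies in the submitted batch.

    A batch is a range of values for the free digits between prefix and suffix.
    """
    if not (target.startswith(prefix) and target.endswith(suffix)):
        return lambda batch: False
    free_value = int(target[len(prefix):len(target) - len(suffix)])
    return lambda batch: free_value in batch


def bisection_steps(pool_size: int, stop_at: int = 50) -> int:
    """Halvings needed until at most stop_at candidates remain."""
    return math.ceil(math.log2(pool_size / stop_at))


def recover(prefix: str, suffix: str, oracle: Callable[[range], bool],
            digits: int = DIGITS, stop_at: int = 50) -> Tuple[Optional[str], SearchStats]:
    """Halve the pool with batch checks, then try the survivors one by one."""
    free = digits - len(prefix) - len(suffix)
    pool = range(0, 10 ** free)
    stats = SearchStats(initial=len(pool))
    while len(pool) > stop_at:
        mid = pool.start + len(pool) // 2
        lower = range(pool.start, mid)
        stats.batch_queries += 1
        stats.imports += -(-len(lower) // BATCH_CAP)   # ceiling division
        pool = lower if oracle(lower) else range(mid, pool.stop)
        stats.history.append(len(pool))
    for value in pool:
        stats.individual_queries += 1
        if oracle(range(value, value + 1)):
            return f"{prefix}{value:0{free}d}{suffix}", stats
    return None, stats


if __name__ == "__main__":
    sample = "0477271850"   # constructed sample, not a real person's number
    for shown_suffix in ("50", ""):
        found, s = recover("0477", shown_suffix, make_oracle(sample, "0477", shown_suffix))
        print(f"last digits shown={shown_suffix!r}: pool={s.initial}, "
              f"batch checks={s.batch_queries}, imports={s.imports}, "
              f"single lookups={s.individual_queries}, found={found}")
```

With the provider number and the two leaked digits known, the pool is 10,000 and eight batch checks plus a few dozen single lookups suffice, which matches the timings on this page. Hide those two digits and the pool becomes 1,000,000: the bisection still takes only 15 checks, but the first batches exceed the import cap many times over, so the attacker needs far more accounts and time.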

I notified the minister about this privacy leak. In a statement he said he didn't know Facebook was leaking his phone number, but that he personally doesn't really mind as long as there's no abuse.

In cooperation with a local radio station we called another Belgian celebrity on air to tell him that I had found his phone number through Facebook. We had a nice chat and he removed his phone number from Facebook immediately afterwards.

Frequently Asked Questions

- What's the issue?
In small countries phone numbers on Facebook are easily discoverable. Facebook argues that whenever the setting "who can look me up by phone number" is set to public (which is the default setting), your phone number is considered public (although it is not displayed on your profile). This is confusing, and Facebook offers insufficient measures to prevent it. Setting your phone number entirely to 'only me' is simply not possible.

- Who is affected?
Anybody in a small country who (perhaps unknowingly) added their phone number and did not change the default setting. It is hard to give a precise list of affected countries, but if you have a 10-digit phone number and the list of provider numbers (the first two digits) is rather limited, it should work.

- How can I check whether Facebook knows my phone number?
Go to https://www.facebook.com/settings?tab=mobile. All known phone numbers should be listed there.

- How can I check whether I'm affected?
(Only if you live in a country with a rather small population, like Belgium):
Check whether Facebook knows your phone number (see the question above).
Go to https://www.facebook.com/settings?tab=privacy and check the setting "Who can look you up using the phone number you provided". If it's set to "Public", anyone could retrieve your phone number if the conditions above are met. If it's set to "Friends", only your friends can. Note that there's no "Only me" setting.

- How does it work?
The procedure consists of 4 steps and requires a program that is able to generate a specific range of phone numbers.
1. Getting the last two digits using password reset (takes 2 minutes).
2. Getting the provider number (if any; depends on luck, takes 15 to 35 minutes for a Belgian phone number) by generating a list of possible numbers and importing them through the 'find friends' functionality.
3. Narrowing down the pool by splitting it in half and trial and error (15 to 20 minutes).
4. Checking the remaining numbers (40) manually in Graph Search (2 minutes).
It is hard to predict how long it takes to discover a phone number, as it depends on the amount of possible phone numbers, prerequisites (test accounts, phone number generator) and some luck; however, I think it's safe to say that in my tests it took only 30 to 60 minutes to crack most numbers.

- What can (or should) Facebook do about this?
It all boils down to informing people. The biggest issue is that most people don't know about this, as it is the default behaviour. Things would be different if the 'who can look me up' feature were set to 'only me' (which does not exist, yet) in the first place. Facebook could also hide the two digits that are exposed in a password reset request whenever the user does not frequently log in from that specific computer. They could also limit the amount of 'friends' you can import (I don't see why anybody would import 10,000 numbers at the same time).
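Two of the mitigations proposed in this answer, sketched as an added example of my own (this is not Facebook's code and makes no claim about how Facebook implements either control): a password-reset hint that only reveals the last two digits on a device the user is known to log in from, and a sliding-window cap on contact imports per account. The cap of 500 contacts per hour and the `device_recognised` flag are assumptions chosen for the illustration; the sample number is made up.

```python
"""Defensive controls for the two leaks discussed above (added example).

1. reset_hint(): show a phone hint only from a recognised device.
2. ImportLimiter: cap contacts imported per account over a sliding window.
"""
import time
from collections import deque
from typing import Callable, Deque, Dict, Tuple


def mask_phone(number: str, reveal_last: int) -> str:
    """Replace every digit except the last `reveal_last` ones with '*'."""
    keep = number[len(number) - reveal_last:] if reveal_last > 0 else ""
    return "*" * (len(number) - len(keep)) + keep


def reset_hint(number: str, device_recognised: bool) -> str:
    """Password-reset hint: last two digits only on a device the user frequently uses.

    `device_recognised` is an assumed input (e.g. a long-lived device cookie);
    on an unknown device the hint carries no digits at all.
    """
    return mask_phone(number, 2 if device_recognised else 0)


class ImportLimiter:
    """Sliding-window cap on contacts imported per account.

    Each import records (timestamp, count); imports older than the window are
    dropped before the remaining budget is checked, so an account cannot push
    thousands of generated numbers through 'find friends' in a short time.
    """

    def __init__(self, max_contacts: int, window_seconds: int,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_contacts = max_contacts
        self.window = window_seconds
        self.clock = clock   # injectable for deterministic tests
        self.events: Dict[str, Deque[Tuple[float, int]]] = {}

    def used(self, account: str) -> int:
        """Contacts imported by `account` inside the current window."""
        now = self.clock()
        queue = self.events.setdefault(account, deque())
        while queue and now - queue[0][0] >= self.window:
            queue.popleft()
        return sum(count for _, count in queue)

    def allow(self, account: str, count: int) -> bool:
        """Record the import and return True if it fits in the remaining budget."""
        if count <= 0 or self.used(account) + count > self.max_contacts:
            return False
        self.events[account].append((self.clock(), count))
        return True


if __name__ == "__main__":
    sample = "0477271850"   # constructed sample, not a real person's number
    print(reset_hint(sample, device_recognised=True))    # ********50
    print(reset_hint(sample, device_recognised=False))   # **********
    limiter = ImportLimiter(max_contacts=500, window_seconds=3600)   # assumed policy
    print(limiter.allow("acct-1", 400), limiter.allow("acct-1", 200))  # True False
```

The limiter keeps per-account state in memory, which is fine for a demonstration; a real deployment would back it with a shared store so that switching web servers does not reset the budget, and would pair it with the per-account lookup rate limiting the article already observed.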

- I'm affected. Should I remove my phone number?
That's a hard question, since phone numbers provide an excellent form of two-factor authentication, which is a recommended privacy safeguard. You can still limit your 'who can look me up' setting to 'friends only'.

- I don't care that my phone number is public.
Good for you. I personally don't mind either, but I'm quite sure others do. Most politicians and Belgian celebrities I contacted about this issue were grateful I made them aware of it and removed their phone number right away.
Whether you care that your phone number is public or not doesn't really matter. To me, the more concerning part is that users appear to be misinformed by unclear privacy settings. If you set your phone number to 'only me', it should not be overruled by some other default setting. It shows that despite its efforts, Facebook still faces some hard challenges regarding privacy and usability.

- Timeline
> Jan 9th, Me: Initial report to Facebook.
< Jan 9th, Facebook: Automated reply.
> Jan 9th, Me: Some extra info.
< Jan 9th, Facebook: "No concrete security or privacy impact."
> Jan 9th, Me: Are you sure? Further clarification.
< Jan 10th, Facebook: Yes.
> Jan 12th, Me: Thanks, I don't agree but I respect the decision. (1/2)
> Jan 12th, Me: Asked if I can blog about it in February. (2/2)
< Jan 12th, Facebook: More clarification (see the screenshot above).

- Are you mad at Facebook?
Not at all. Facebook has one of the best bug bounty programs and security teams available to hackers. I respect their decision, but I also believe it's our right to be informed of the design choices that may affect our privacy.

- I found a vulnerability in Facebook. Where do I start?
Cool! Make sure you read their Bug Bounty Rules and are reporting a valid bug. After reporting the issue there, they might decide to honor you in their Hall of Fame and reward you with a bounty starting at $500 USD.

- Who are you?
I'm Inti and I live in Oilsjt, Belgium, the country known for its beer, french fries, chocolate and terrorists. As a kid I was extremely skilled at breaking things. I'm 21 now, a student, and still doing more or less the same as an ethical hacker with references such as Google, Facebook, Microsoft, Yahoo and so on. I don't really consider this a 'hack' or a 'vulnerability' though, more like a privacy issue people should know about.

- Any other projects?
I recently hijacked a Trump tweet, made StalkScan.com, which highlights the creepy side of the Facebook graph search, and wrote a similar blog post before that which eventually got Facebook to fix the issue.
