How to Search Phone Numbers On Facebook

Don't have time to read the whole article? Skip to the Frequently Asked Questions section below for everything you need to know about searching phone numbers on Facebook.

Update: someone pointed out that PayPal also reveals the last 4 digits of the phone number, so this method may work for larger countries too if the target's phone number is linked to their PayPal account.

Last month I discovered that it is fairly easy to reveal private phone numbers on Facebook, and I uncovered the phone numbers of several Belgian celebrities and politicians. Although this trick only seems to work in small countries such as Belgium (roughly 11.2 million inhabitants), a significant number of people is affected by this simple yet effective privacy leak.

When I reported my concerns to the good folks of the Facebook Security team, I got a response I didn't quite expect:

When the "who can look me up by phone" setting is set to public, your phone number is public.

There are a few problems with this:

- The setting is set to public by default.
- It's confusing: even if the phone number on your profile is set to 'only me', the 'who can look me up' setting overrules it. People think their phone number is private, but it is not:

This setting only indicates whether the phone number is shown on your profile. It does not indicate whether your phone number is public.

If this setting is set to 'Everybody', which is the default value, your phone number is considered public.

'Who can look me up' also implies that the person 'looking you up' already has your phone number: it means someone is searching for your specific Facebook profile based on your phone number, and not the other way around.

- There is simply no 'only me' setting.

If you link your phone number to Facebook and want to lock down your privacy settings, you cannot prevent your 'friends' from still having access to it.
Despite sharing my concerns with the security team, they chose not to fix the issue. Even though I don't agree, I respect their decision. I did decide to write about it, however: I believe people have the right to know.

- Many people don't even know Facebook has their phone number. While Facebook cannot simply extract your phone number from your phone, it will repeatedly ask you to confirm and save your number when you launch Facebook for mobile. After a coworker deleted his phone number following my findings, Facebook immediately asked him to re-enter it:

How it works

My technique uses the Graph Search. Most people know that you can enter a phone number in the Graph Search to get the corresponding user:

Simply testing every number is a daunting task that would take months. Facebook also has some strong rate limiting in place that temporarily blocks further requests after roughly 1,000 lookups. Sure, you could use a botnet with valid Facebook accounts, but I'm sure Facebook has countermeasures against that too.

STEP 1: The last two digits (1 minute)

I needed to find a way to test thousands of phone numbers at once. The fewer phone numbers I'd have to test, the faster I could get to the full number. To obtain the last two digits, I used Facebook's password reset functionality:

Facebook reveals the last two digits of the phone number of the minister of home affairs, a high-ranking politician.

STEP 2: The provider number (5-35 minutes)
Here's a typical Belgian phone number, where X is any digit from 0 to 9 and PP is the provider number. I already filled in the last two digits obtained in the previous step.

04PPXXXX50
(Less than 400,000 possible numbers)

Provider numbers are tied to the mobile carrier:

Some provider numbers are more widely used than others. People working for the government most likely have a 047 number, since Proximus is the state-sponsored carrier.

At this point, I wrote a program that generates a contact list with every possible number starting with, let's say, 0479:

I then imported this list using the 'find friends' functionality and checked the suggested friends.

There were several "Jan"s in the list, but my target was not among them. Don't mind the '500' figure: more contacts were imported.

No luck for 0478 either. I had to switch accounts at this point because Facebook only allows 20,000 contacts to be imported within a short time frame. I logged into another test account, tried 0477 and got lucky the third time:

So at this point we can add the provider number:

0477XXXX50
We also have a list of 10,000 numbers, one of which is the minister's number.

STEP 3: Narrowing down (10-15 minutes)
The last part is just some basic math: we have 10,000 possible numbers left, so if we test half of them we can narrow our pool down to a handful of numbers, for example:

0477 0000 50 to 0477 5000 50

The target was in this range, which means the fifth digit is either 0, 1, 2, 3 or 4. 5,000 [0000-5000] possible numbers left.

Let's divide the remaining 5,000 numbers by 2 again.

Testing 0477 0000 50 to 0477 2500 50:

No luck with the 0000-2500 range, so we can be sure the phone number is in the 2500-5000 range. We have 2,500 numbers left; splitting the pool in half each time gives 1250, 750, 325, 162, 81 and eventually 40 numbers left. We could keep splitting the pool in half to 20, 10 and 5 numbers, but with fewer than 50 numbers left you can also test all numbers individually in the Graph Search.

STEP 4: The final countdown (1 minute)
With only 40 possible phone numbers left, it is fairly easy to test all numbers still in the pool. Simply enter them in the search bar until you hit the profile you were looking for.

I notified the minister about this privacy leak. In a statement he said he didn't know Facebook was leaking his phone number, but that he personally doesn't really mind as long as there is no abuse.

In cooperation with a local radio station we called another Belgian celebrity on air to tell him that I had found his phone number through Facebook. We had a nice chat and he removed his phone number from Facebook immediately afterwards.

Frequently Asked Questions

- What's the problem?
In small countries, phone numbers on Facebook are easily discoverable. Facebook argues that whenever the setting "who can look me up by phone number" is set to public (which is the default), your phone number is considered public (even though it is not displayed on your profile). This is confusing, and Facebook offers insufficient means to prevent it. Setting your phone number fully to 'only me' is simply not possible.

- Who is affected?
Anyone in a small country who (possibly unknowingly) added their phone number and did not change the default setting. It is hard to give an exact list of affected countries, but if you have a 10-digit phone number and the list of provider numbers (the first two digits) is fairly limited, it should work.

- How can I check whether Facebook knows my phone number?
Go to https://www.facebook.com/settings?tab=mobile. All known phone numbers should be listed there.

- How can I test whether I'm affected?
(Only if you live in a country with a fairly small population, like Belgium):
Check whether Facebook knows your phone number (see the question above).
Go to https://www.facebook.com/settings?tab=privacy and check the setting "Who can look you up using the phone number you provided". If it's set to "Public", anyone could retrieve your phone number if the conditions above are met. If it's set to "Friends", only your friends can. Note that there is no "Only me" setting.

- How does it work?
The process consists of 4 steps and requires a program that can generate a specific range of phone numbers.
1. Getting the last 2 digits using the password reset (takes 2 minutes).
2. Getting the provider number (if any; depends on luck, takes 15-35 minutes for a Belgian phone number) by generating a list of possible numbers and importing them through the 'find friends' functionality.
3. Narrowing down the pool by splitting it in half and testing (15-20 minutes).
4. Checking the remaining numbers (40) manually in the Graph Search (2 minutes).
It is impossible to predict how long it takes to find a phone number, as it depends on the amount of possible phone numbers, prerequisites (test accounts, a phone number generator) and some luck. However, I think it's safe to say that in my tests it took only 30 to 60 minutes to crack most numbers.

- What can (or should) Facebook do about this?
Everything boils down to informing people. The biggest problem is that most people have no idea about this, because it is the default behaviour. Things would be different if the 'who can look me up' feature could be set to 'only me' (which does not exist yet) in the first place. Facebook could also hide the 2 digits that are exposed in a password reset request whenever the user does not regularly log in from that specific computer. They could likewise limit the number of 'friends' you can import (I don't see why anybody would import 10,000 numbers at once).
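As an added, defender-side illustration of the import limit suggested above (example code, not Facebook's own; the batch shape, thresholds and sample data are assumptions): a heuristic that flags contact uploads shaped like a generated number range rather than an address book.

```python
"""Heuristic for contact-import batches that look like phone-number enumeration.

Added example, not Facebook's code. It keys on the shape the post describes:
thousands of numbers sharing one prefix (04PP) and one two-digit suffix, with
the middle four digits sweeping a contiguous range. Thresholds are assumptions.
"""
from collections import Counter
import random

def normalize(number: str) -> str:
    """Keep digits only, so '0477 12 34 50' and '0477123450' compare equal."""
    return "".join(ch for ch in number if ch.isdigit())

def analyze_batch(numbers, prefix_len=4, suffix_len=2, min_batch=500,
                  min_shape_share=0.9, min_density=0.5):
    """Return (flagged, stats) for one batch in the Belgian 04PP XXXX SS layout."""
    digits = [normalize(n) for n in numbers]
    digits = [d for d in digits if len(d) == prefix_len + 4 + suffix_len]
    stats = {"size": len(digits), "shape": None, "shape_share": 0.0, "density": 0.0}
    if len(digits) < min_batch:  # small uploads are ordinary address books
        return False, stats
    # Group by (prefix, suffix): an enumeration batch has one dominant shape.
    shapes = Counter((d[:prefix_len], d[-suffix_len:]) for d in digits)
    (prefix, suffix), hits = shapes.most_common(1)[0]
    stats["shape"] = f"{prefix}XXXX{suffix}"
    stats["shape_share"] = hits / len(digits)
    if stats["shape_share"] < min_shape_share:
        return False, stats
    # How densely do the middle digits of that shape fill their numeric span?
    middles = {int(d[prefix_len:-suffix_len]) for d in digits
               if d.startswith(prefix) and d.endswith(suffix)}
    stats["density"] = len(middles) / (max(middles) - min(middles) + 1)
    return stats["density"] >= min_density, stats

def constructed_enumeration_batch(prefix="0477", suffix="50", count=5000):
    """Constructed input mimicking the generated list from STEP 2 of the post."""
    return [f"{prefix}{i:04d}{suffix}" for i in range(count)]

def constructed_address_book(count=600, seed=1):
    """Constructed input: a large but ordinary address book with varied numbers."""
    rng = random.Random(seed)
    return [f"04{rng.randint(70, 99)}{rng.randint(0, 9999):04d}{rng.randint(0, 99):02d}"
            for _ in range(count)]

if __name__ == "__main__":
    for name, batch in (("generated", constructed_enumeration_batch()),
                        ("address book", constructed_address_book())):
        flagged, stats = analyze_batch(batch)
        print(name, "FLAGGED" if flagged else "ok", stats)
```

A real deployment would combine this with the per-account import quota the post mentions, since a batch split into many small uploads would slip under `min_batch`.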

- I'm affected. Should I remove my phone number?
That's a tough question, because phone numbers provide a good form of two-factor authentication, which is a recommended privacy safeguard. You can still restrict your 'who can look me up' setting to 'friends only'.

- I don't care that my phone number is public.
Good for you. I personally don't mind either, but I'm quite sure others do. Most of the politicians and Belgian celebrities I contacted about this issue were grateful that I made them aware of it and removed their phone number right away.
Whether or not you care that your phone number is public doesn't really matter. To me, the more worrying part is that users seem to be misled by vague privacy settings. If you set your phone number to 'only me', it should not be overruled by some other default setting. It shows that despite its efforts, Facebook still faces some tough challenges regarding privacy and usability.

- Timeline
> Jan 9th, Me: Initial report to Facebook.
< Jan 9th, Facebook: Automated reply.
> Jan 9th, Me: Some additional details.
< Jan 9th, Facebook: "No tangible security or privacy impact."
> Jan 9th, Me: Are you sure? Further explanation.
< Jan 10th, Facebook: Yes.
> Jan 12th, Me: Thanks, I don't agree but I respect the decision. (1/2)
> Jan 12th, Me: Ask if I can blog about it in February. (2/2)
< Jan 12th, Facebook: Further information (see the screenshot above).

- Are you mad at Facebook?
Not at all. Facebook has one of the best bug bounty programs and security teams available to hackers. I respect their decision, but I also think it's our right to be informed of the design choices that may affect our privacy.

- I found a vulnerability in Facebook. Where do I start?
Cool! Make sure you read their Bug Bounty Rules and are reporting a valid bug. After you report the issue there, they may decide to honor you in their Hall of Fame and reward you with a bounty starting at $500 USD.

- Who are you?
I'm Inti and I live in Oilsjt, Belgium, the country known for its beer, fries, chocolate and terrorists. As a kid I was very good at breaking things. I'm 21 now, a student, and still doing more or less the same as an ethical hacker, with references such as Google, Facebook, Microsoft, Yahoo and so on. I don't really consider this a 'hack' or a 'vulnerability' though; it's more a privacy issue people should know about.

- Any other projects?
I recently hijacked a Trump tweet, made StalkScan.com, which highlights the creepy side of the Facebook Graph Search, and before that wrote a similar blog post that eventually got Facebook to fix the problem.
