Find Facebook ID from phone number
Don’t have the time to read the entire article? Go to the FAQ section below for everything you should know.
Update: someone pointed out that PayPal actually reveals the last four digits of the phone numbers, so this technique may work for large countries as well if the target has its phone linked to its PayPal account.
Last month, I discovered it is relatively simple to reveal private phone numbers on Facebook, uncovering some phone numbers of Belgian celebs and politicians. Even though this trick only seems to work in small countries such as Belgium (+/- 11.2 million people), a significant number of people are affected by this simple, yet effective privacy leak.
When I notified the fine folks of the Facebook Security team with my concerns, I got an answer I didn’t quite expect:
When the “who can look me up by phone” setting is set to public, your phone number is public.
There are a few issues with this:
- The setting is set to public by default
- It’s confusing: even though your phone number on your profile is set to ‘only me’, the ‘who can look me up’-setting overrules this. While people think their phone number is private, it’s not:
‘Who can look me up’ also implies the person ‘looking you up’ already has your phone number. It implies that someone is looking for your specific Facebook profile based on your phone number, and not the other way around.
- There is simply no ‘only me’ setting
Despite sharing my concerns with the security team, they decided not to fix the issue. Even though I do not agree, I respect their decision. I did decide to write about it nonetheless — I think people have the right to know.
- Many people don’t even know Facebook has their phone number. While Facebook cannot just extract your phone number from your phone, it will repeatedly ask you to confirm and save your number upon launching Facebook for mobile. After a colleague deleted his phone number following my findings, Facebook immediately asked him to re-enter it:
How it works
My technique uses the Graph Search. Most people know that you can enter a phone number in the Graph Search to get the corresponding user:
Simply testing every number is an impossible job that would take months. Facebook also has some strong rate limiting in place that will temporarily block additional requests after +/- 1000 lookups. Sure, you could use a botnet with valid Facebook accounts, but I’m sure Facebook has some restrictions to tackle these, too.
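A defender-side sketch of the throttling described above, added here as an example (it is not Facebook's implementation and not code from the original post): it caps distinct numbers looked up per account and also per number block across all accounts, so spreading lookups over many accounts does not get around the limit. The window, block size and block cap are assumed values; only the figure of roughly 1000 lookups comes from the post.

```python
from collections import defaultdict, deque

WINDOW = 3600           # seconds of history considered (assumed value)
PER_ACCOUNT_MAX = 1000  # distinct numbers per account per window (figure from the post)
BLOCK_DIGITS = 4        # numbers equal except for the last 4 digits form one block (assumed)
BLOCK_MAX = 200         # distinct numbers per block per window, all accounts (assumed)


class LookupGuard:
    """Decides whether a phone-number lookup is served or refused."""

    def __init__(self):
        self.by_account = defaultdict(deque)  # account -> (timestamp, number) events
        self.by_block = defaultdict(deque)    # number block -> (timestamp, number) events

    @staticmethod
    def _distinct(events, now):
        # Drop events that fell out of the window, then count what is left.
        while events and events[0][0] <= now - WINDOW:
            events.popleft()
        return {number for _, number in events}

    def check(self, account, number, now):
        digits = "".join(c for c in number if c.isdigit())
        block = digits[:-BLOCK_DIGITS]
        seen_by_account = self._distinct(self.by_account[account], now)
        seen_in_block = self._distinct(self.by_block[block], now)
        # Repeating an already-served lookup reveals nothing new, so it is allowed.
        if digits not in seen_by_account and len(seen_by_account) >= PER_ACCOUNT_MAX:
            return "deny:account"
        # Coverage of one block is counted across accounts, not per account.
        if digits not in seen_in_block and len(seen_in_block) >= BLOCK_MAX:
            return "deny:block"
        self.by_account[account].append((now, digits))
        self.by_block[block].append((now, digits))
        return "allow"


def demo():
    guard = LookupGuard()
    # Constructed traffic: 50 accounts take turns covering a single number block.
    results = [guard.check(f"acct{i % 50}", f"+32 470 12 {i:04d}", now=i)
               for i in range(300)]
    # An ordinary lookup in a different block is unaffected.
    normal = guard.check("alice", "+32 499 00 1234", now=301)
    return results.count("allow"), results.count("deny:block"), normal


if __name__ == "__main__":
    print(demo())
```

In the constructed traffic no single account comes near the per-account cap, which is why the per-block counter is the one that trips.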
Reviewed by Daniel Chuks on 04:20