Extrapolating Phone Numbers Using Facebook and PayPal

by Karan Saini

This article is a follow-up to a piece I wrote last year, entitled "Extracting Full Phone Numbers from the Leaked Snapchat Database."

I'm hoping to highlight the privacy risk of linking the same phone number across all of your online accounts, and how it could very easily allow for your personal phone number to become known.

This was written with the assumption that the user is from the United States, but it could also very easily be adapted to work with users from another country.

Starting off, we will have to determine the user's location from their online presence.

This part should be easy enough, as most people reveal their current city on their Facebook page.  However, if this information is not available on their Facebook page, it will have to be inferred from another publicly available source.

Head over to the "Forgot password" page on Facebook, and submit the email address of the user whose phone number you're trying to retrieve.

If the user has linked their phone number with their account, you will be presented with the last two digits of the same:

+1 *** *** **01

We're going to head over to PayPal's website for more useful information regarding the user's phone number.

Enter the email address of the user on PayPal's "Forgot password" page. PayPal shows the first digit and the last four digits of the linked number:

+1 2** *** 4401

Now, we're only five numbers short.

Well, actually, just three.

After having a quick look at the user's Facebook profile, I've been able to surmise that he is currently residing in New Jersey, USA.  I'm also aware that many telephone numbers issued in New Jersey utilize the area code 201:

+1 201 *** 4401

It is also possible to get a list of all area codes which are used for phone numbers issued in a certain city or state (InfoPlease.com is very useful here).

Let's head over to AllAreaCodes.com for the final bit of information which we'll require.

We're going to parse all area code prefixes and adjoin them with the last four digits of the partial phone number we currently have.

This part might be time-consuming and arduous, but it is essential for obtaining the user's phone number.

We're going to head over to the "Forgot password" page on Facebook once again.

This is the last step of the process - we're going to keep submitting and checking off phone numbers from our list (which shouldn't be very long to begin with, but if it is, the process can be automated using scripts) until we observe an email address pattern that most likely matches the address we originally provided.

It is also possible to further verify that the retrieved phone number belongs to the user; however, I'm not going to be writing about such methods in this article.
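The privacy risk above comes from two services masking different positions of the same number. The following is an added example, not part of the original article, that a service designer could use to measure how many digits a set of recovery hints discloses together and whether a proposed mask reveals anything the others keep hidden. The function names are hypothetical and the sample masks are the ones shown earlier.

```python
# Added example, not from the original article. Assumes "+1" numbers with
# 10 national digits; the candidate count is an upper bound (10**hidden).

def parse_mask(mask):
    """Return the 10 national digits of a '+1' hint, '*' where hidden."""
    body = mask.strip()
    if not body.startswith("+1"):
        raise ValueError("expected a +1 number")
    cells = [c for c in body[2:] if c.isdigit() or c == "*"]
    if len(cells) != 10:
        raise ValueError("expected 10 national digits")
    return cells

def merge(masks):
    """Combine hints position by position; conflicting digits are an error."""
    merged = ["*"] * 10
    for mask in masks:
        for i, c in enumerate(parse_mask(mask)):
            if c != "*":
                if merged[i] not in ("*", c):
                    raise ValueError(f"hints disagree at position {i}")
                merged[i] = c
    return merged

def exposure(masks):
    """Return (merged mask, hidden digits, upper bound on candidates)."""
    merged = merge(masks)
    hidden = merged.count("*")
    return "".join(merged), hidden, 10 ** hidden

def newly_disclosed(existing, proposed):
    """Positions a proposed mask reveals that existing hints keep hidden."""
    before = merge(existing)
    return [i for i, c in enumerate(parse_mask(proposed))
            if c != "*" and before[i] == "*"]

if __name__ == "__main__":
    last_two = "+1 *** *** **01"             # mask style shown first above
    first_and_last_four = "+1 2** *** 4401"  # mask style shown second above
    print(exposure([last_two]))
    print(exposure([last_two, first_and_last_four]))
    print(newly_disclosed([last_two], first_and_last_four))
    print(newly_disclosed([last_two], "+1 *** *** ***1"))
```

A mask for which `newly_disclosed` returns an empty list adds nothing to what other services already show; any other result shrinks the hidden part of the number.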

Thank you for reading.
