How To Find Someone On Facebook By Phone Number In 2023
How Can I Search For Someone On Facebook Using Phone Number
This post was made to answer questions like:
ü Can I find someone on social media with their phone number?
ü Can you look up someone by their phone number?
ü How do I find someone on Facebook by phone number on messenger?
Why Does Facebook Request For Users Phone numbers
The main reason Facebook ever asked users to add their mobile number was for extra security. but adding your number serves as more than just security, people could actually locate you on Facebook by searching for your mobile number.
Facebook really wants your phone number, nagging you for one as soon as you join. This isn’t all bad since it can help secure your account with two-factor authentication. On the flipside, this makes it easy to reveal the private phone numbers of virtually anyone on Facebook, including celebrities and politicians. We’re going to look at how a hacker would do this and how to protect yourself.
How do I search for someone on Facebook by phone number?
I know you have several questions running in your head right now,do you really want to know how to find that special someone using his/her phone number to get them on Facebook. I outlined some simply steps for you to follow here.
How To Locate Someone on Facebook By Their Phone Number in The US
The steps over here will show you how hackers locate Facebook Accounts
- Using the Area Code
If you think of a target’s phone number as one of all the possible 10-digit US phone numbers, you can quickly see that 10 billion North American phone numbers it far too large a list to effectively search through. Luckily for the hacker, he can cut this down thanks to the North American Numbering Plan (NANP) which lays out the guidelines for phone numbers in the US.
Let’s take an example: 234-235-5678. Looking at the NANP, we can see that the first three numbers (234) are the area code, and the plan allows for 2–9 as the first digit and 0-9 for the second and third digits. That information right there eliminates one billion possible numbers from the hacker’s list.
The hacker can also quickly take advantage of this if they know or can take an educated guess at where you live, as it’s as easy a Google search. By doing this, the hacker can remove a further 9 billion 990 million numbers from the list of potential guesses.
The next three numbers after the area code in our example (235) are the central office prefix. Again, the plan calls for 2–9 for the first digit and 0–9 for both the second and third digits, but with a caveat.
In area codes where the second digit is 1, the third can’t also be 1. This yet again removes a large number of phone numbers from the hacker’s list. The last four digits of the phone number is the line number, in this case, 5678.
I took the educated guess that the Mayor of DC would have a DC area code, and a hacker could also look up the target’s Facebook account and likely find a hometown or the current city the target lives in or works from. Some larger cities like Los Angeles will have multiple area codes within them, but no matter how many “split” area codes there are, it still greatly reduces the hacker’s list of possible numbers.
- Get the Last Numbers
Now that I know my target’s number is 202-???-????, I want to try and remove as many of those question marks as possible, making it easier to do a Facebook search later on. Thankfully, Facebook has our back and has made this probably the second easiest step, after using the area code. In order to get the last two numbers, we just have to go a few steps into the password reset process.
To do this, the hacker goes to the main Facebook page and clicks “Forgot account” to start the process.
Next, they enter the target’s name they have in mind and click the “Search” button.
The hacker is then presented with a list that includes a face picture paired with each matching account that helps them quickly identify their target. There’s our target right at the top!
Facebook then kindly provides the hacker the last two digits of the targets number, along with some information about the emails accounts associated with their Facebook account, such as the first and last letter, and sometimes the email domain.
That’s as far as the hacker has to go. They don’t actually reset the password, and they shouldn’t so that the target never receives any kind of notification to tip them off.
- Use Outside Sources
With over 218 million users, PayPal and other services can help add to the information the attacker has collected so far. In this case, if the target is a PayPal user, the hacker can get two additional digits of the phone number we’re looking for.
In the picture above, you may have noticed that the first email listed is a Gmail account that starts with “M” and ends with “R.”
That’s funny, since my targets first name starts with an “M,” and her last name ends with an “R.” To a hacker, this screams “I used my name as my email!” Suspecting this was the case, I checked it on Gmail by typing it in.
Google accepted it, but that doesn’t necessarily mean that it’s the target’s email. The hacker can check by doing the same password reset trick they pulled with Facebook.
Yep, this account just so happens to have a number that ends in 69. Coincidence? I think not. Now that I have an email to work with, I can jump over to PayPal in a new tab, and once again, use the same password reset trick.
This time, when I get to the password reset screen, I get not only all four digits of the line number, but also the first number of the area code too!
This allows me to be reasonably sure that I’m on the right track with the area code, and verifies my previous work on finding the last few numbers. This means I have the number 202-???-6969 so far. In other words, my list has gone from 10 billion choices to about a thousand in just a few minutes of work.
- Brute-Force It the Smart Way
At this point, a hacker could just start throwing numbers into the Facebook search bar, but that still wouldn’t be that efficient. So what does a lazy hacker do? They take advantage of a Facebook feature that allows you to conduct a bracket search.
Facebook allows you to upload lists of contacts in CSV format, and then tells you if they are on Facebook so you can add them as friends. By constructing my own contact list of potential numbers, I can quickly rule out large chunks of wrong numbers.
In this case, I know the number has to be in the range from 202-000-6969 to 202-999-6969. By cutting that in half and creating a list of numbers from 202-000-6969 to 202-500-6969, I can effectively rule out half of my list, as the target will only be in one of the two half lists created. Then, I can upload the list and instantly determine if they are on it or not.
To create this list, I went to Google Contacts and clicked “Export” to get a sample CSV file to work from.
Facebook prefers to accept the list in Google CSV format, so I saved it as such from Google Contacts.
From there, a hacker can open the file in Google Sheets or Excel and change the column formula for the phone numbers to one that will iterate over the numbers they need to check, as seen in the following example.
In the excel formula below, I start by taking the lowest value phone number, in this case, 2020006969, then I add 10,000 to it in order to increase the fifth place digit by 1. This formula will repeat as many times as needed, but we shouldn’t do it more than 1,000 times because there are only a thousand numbers in our list to guess. If the target hadn’t had a PayPal account to help us derive the third and fourth place digit, then we would be adding 100 to increase the third digit instead.
=(ROW()*10000) +2020006969
From there, it is simple to sign into a Facebook account and go to the Friend Finder feature. Click on the Gmail logo and then “Find Friends.”
Next, scroll to the bottom of the page and upload your CSV file containing the phone numbers you wish to try.
After it’s uploaded, Facebook presents the hacker a list of “Friends” to add from the list. They would then search for their target inside that list. My target doesn’t seem to be here, so I know they aren’t in this half of our batch of numbers.
Next, instead of testing the next 500, I split the next 500 in half and check one of those halves. This is because I already know the target will be on the second list since they weren’t in the first half. The hacker can continue searching in this way until the target appears on a phone number list.
From there on out, the hacker would test smaller and smaller batches of numbers until they have only a handful to test. I stopped when I had it down to about 30 numbers. Obviously, this will take longer if the hacker has less information about the other digits of the phone number to begin with, as they will have a larger number set to search. Facebook will rate-limit the hacker to five attempts per day but they can get around this by signing into another account.
- Test the Last Few Numbers
Once that hacker has it down to a handful of numbers, they can go to the Facebook search bar and type them in one by one. To do so, just type the number into the search bar with no hyphens. If the requests are going too fast, or if they search for too many, Facebook starts to rate-limit them with a CAPTCHA.
However, that’s not much of a defense when the hacker only has 30 numbers to check.
In total, it took me around 30 minutes to an hour to find the target’s number, and these same steps could be used on anyone who has their phone connected to Facebook.
If you don’t want anyone to find you/someone on Facebook by phone number on messenger or the regular Facebook app, you need to:
Protect Yourself
The simplest way to protect yourself is to never connect your phone to Facebook. If you still want to use two-factor authentication, Facebook allows you to use a USB U2F device without having to rely on your phone.
If you absolutely must have your phone connected, navigate to Facebook Settings, select “Privacy,” then “Who can look you up using the phone number you provided?” Set this option to “Friends.” Unfortunately, Facebook doesn’t let you set this to “Only me.”
On a mobile device, you would tap on the three-line menu icon, select “Account Settings” (iOS users will have to select “Settings” first), then tap on “Privacy.” You’ll see the same “Who can look you up” question above where you can change your preferences to “Friends” only.
Read: How to See Someone’sHidden Friends List on Facebook
Some Problems Faced While Searching for Someone on Facebook by Phone Number
Even though searching for someone on Facebook with their phone number can be very easy ,there are still some problems encountered while doing this ,Facebook has really made a lot of adjustment. In time past, most people see it as a way to lock up others profile and even target them with ads without giving them an option to opt-out,because of this, Facebook limited the feature.
Now, you cannot just search for someone via their mobile number and find them. now users can hide their mobile number from the general public and place restrictions on those who can look them up via their mobile number. now, Facebook gave users options to fix the problem by giving them the following options of who can look them up via their mobile number:
- Friends
- Friends of friends and
- Everyone.
this simply means that if you set it to everyone, every single person on Facebook with your mobile number could locate your Facebook account.