Show HN: Test if your (US) phone number is in the leaked Facebook data

When a person submits their phone number to this website, the website operator can immediately search Facebook for the user name associated with the phone number. No need to save the phone numbers. He can turn them into user names. Edit: Not suggesting the website operator is doing that, but the point is he could.<p><a href="https:&#x2F;&#x2F;mbasic.facebook.com&#x2F;login&#x2F;identify&#x2F;?ctx=recover" rel="nofollow">https:&#x2F;&#x2F;mbasic.facebook.com&#x2F;login&#x2F;identify&#x2F;?ctx=recover</a>

Reading some of the comments here about entering your phone number on this site, I don’t believe there’s as much as risk as people seem to think. If the site were asking you to enter your username <i>and</i> password to check if it’s on a pwned list, well, yes, that would be a dumb thing to do.<p>But a telephone number is telling the website operator at most that the phone might be associated with you, but all he learns about you is your IP address and possibly your browser fingerprint. He doesn’t get your name, Facebook ID, email address, interests, password, or anything else.<p>Now you might say that he can see your Facebook ID or email address in the list of leaked data, and possibly through the Facebook password reset user interface as well. But he could have done that anyway without you ever having supplied the phone number. He has the entire leaked list and it seems that pretty much anyone can get the leaked list with modest effort.<p>Furthermore phone numbers <i>by themselves</i> carry very little information because they are not sparse. If I give you a correctly formatted 10 digit number like nnn-nnn-nnnn, there’s a quite good chance that it’s a working North American telephone number. By correctly formatted, I mean that it has a valid area code, that the prefix doesn’t begin with a 1 or 0, that the prefix is not 555 (that’s for movies you know), etc. If you follow those rules, I once worked out that you’d have a 20% chance that you’d get a working phone number.<p>The point is that keeping your random 10 digit phone number off the Internet offers you no additional security or privacy. Phone spammers can test call every possible North American telephone number just as hackers can scan every IP4 network address in the world (only 2^32 of those).<p>Associating the phone number with your name is bad, I agree. That allows targeted attacks (and targeted spam calls). But you are not giving your name to this website operator. You’re giving him 10 digits — he could have pulled 10 digits out of thin air and it would likely have been someone’s phone number anyway.

David may very well be a trustworthy individual, but any time you voluntarily transmit your phone number online (to Facebook, or otherwise...), you are putting your own personal data security at risk.

Why not just release a compressed CSV of just the numbers? I could grep it in 1 second without worrying about leaking information.

It would be nice if it let you search partial numbers and manually scan the results.<p>I get so many spam calls I&#x27;m afraid to enter my number anywhere.

Any plans to add a Paranoid Mode that lets you search for a hash of a phone number (or email address)? I&#x27;d imagine that could be more successful on here, heh.

Thanks David! Was going to download&#x2F;parse the data myself to see if I had been impacted so appreciate you making this tool.

I made a version for NL users, but based on first name&#x2F;last name (returning the last three digits of their phone number): <a href="https:&#x2F;&#x2F;jstsch.com&#x2F;facebook" rel="nofollow">https:&#x2F;&#x2F;jstsch.com&#x2F;facebook</a>

I also made an Australian version: <a href="https:&#x2F;&#x2F;www.thenewseachday.com&#x2F;facebook-phone-numbers-australia" rel="nofollow">https:&#x2F;&#x2F;www.thenewseachday.com&#x2F;facebook-phone-numbers-austra...</a>

If anyone with the zip file is trying to &quot;grep&quot; themselves on Windows the powershell command is<p>Select-String &quot;(firstName\b)+:(lastName\b)&quot; &#x27;.\theUnzippedFolder*.txt&#x27;<p>I&#x27;m not familiar with windows at all but this worked for me testing names I already know are in the txt and I found some people with names like mine but not me, phew It wouldve been faster to just open each text and control+f but I guess I learned something useful.

yeah not going to use any search tool where i need to enter my number ... you could just post the data by area codes..... just create a bland UI that lists all area codes ..let user click into the area code and then on the next page list all the phone numbers in that area code that have been affected.<p>I&#x27;d use that but not searching by phone number.

Years of telling Facebook I won’t give them my number finally pay off.<p>I deleted my account a while back. (Well, whatever Facebook calls “deleted.” Incidentally, did you know you can’t delete your HN account, even if you email them and ask?) Curious whether there’s any data for me at all in this breach.

If you did something like asked for the first and last digits and the other digits of the phone number in any order and then returned the list of phone numbers that contained those digits even that would be better.

Is this satire? I hope it is. I hope that when you enter a number into the field; gigantic text appears on the screen in 150pt font saying &quot;HAVEN&#x27;T YOU LEARNED ANYTHING???&quot;

Or you could just download the data yourself and grep it. No need to submit your phone number to yet another website.

Where can I find the data set? I want to grep for my friends and family and see which data is leaked.

Why only USA?