Getting an Instagram profile by phone number
This is a translation of the article from Russian IT blog platform Habr written by company Postuf in 2019. I am not associated with the authors and translated the article solely out of interest in the idea and the desire to share it.
A ready-to-use tool was presented at the end of the article, and was working at the time of publication of the article, but now it doesn’t work.
What can you learn about someone you don't know if you have a measly 11 digits of their phone number?
We often have to deal with the analysis of information from open sources. In particular, social networks are the most useful, since they contain information about specific people who are happy to share info about them.
By and large, any modern social network is a storehouse of knowledge for an OSINT researcher, but most of the truly useful information is hidden from the eyes of the average person, and it will not be possible to get it just like that (without some knowledge and proper preliminary preparation). Often you need to know the structure of social mechanisms well in advance, and spend long hours looking for patterns in the processes taking place “behind the scenes”. And here it’s not even about looking for some errors, bugs or vulnerabilities that can be exploited, but rather about situations when a feature that was supposed to fight evil, and not join it to help people and make their lives better, allows you to use yourself from a completely different side, unpredictable for the developers themselves.
Today we will take a closer look at the interaction of the social network Instagram with the numbers in your phone book.
Instagram has a very interesting feature that allows, after registration, to very quickly help the user navigate and find their friends who also use Instagram. Previously, it was enough to go to “Discover People” and move to the “Contacts” tab, after which we instantly received a list of users associated with our phone book:
The feature is quite interesting, considering that with its help you can very easily find out a person’s account - just put the number in the address book, then go to “Discover People” -> “Contacts”, and get his account. And where there is an Instagram account, there is always a photo of the owner, his friends and the events that happened to him. For a social engineer, this is just a treasure trove - in a word, everything is delicious, and Instagram understood this well. Therefore, this loophole was closed, or at least they tried to do so.
It was sad to come across articles (like this one) that appeared in the fall of 2019. In short, they said that “Instagram services have fallen,” and that “Instagram support does not respond to mass requests from users,” and so on.
The fact is that our favourite “Contacts” tab, starting in September, became empty, asserting with all its important appearance that our phone book, it turns out, does not contain a single number related to any Instagram accounts.
One would think that this is some kind of problem on the Instagram servers, and soon everything will return to normal. But all hopes are dashed as soon as we update to version 118.0.0.28.122, because...
Yes. Because now there is no “Contacts” tab at all. The feature was cut out and, most likely, this is due to Instagram’s desire to look like a company that cares about the privacy of its users and their data. That’s all, like, subscribe to the channel, let’s go, right?
Just a minute! But why then does the new version of the application still ask me for permission to access the phone book?
Maybe we missed something after all? Let's take another look at the suggested users panel.
Indeed, Instagram shows me offers that I couldn’t find out about in any way except the phone book. We conclude: Instagram simply redesigned the feature in a certain way, making it more difficult to match people from the phone book with their users. And this is exactly what I suggest playing around with.
How does the new matching process work? The phone book is still processed by Instagram, but now it is not clear who is on the phone book list and who is not. Or is it still possible? Let's try to subscribe to some users and see how the list of suggested users changes.
We can see that the entire suggestion section is now flooded with users with whom our only subscription is associated. It means that users get here in a very large number of ways, from advertising accounts to close friends of those you follow. But what about the list itself? There are 10 accounts on one page, and if you scroll further, a dozen more will appear. I wonder how long this list is? We begin to methodically go down, go through a few more loads and end up at the end of the list.
If you count all the users (and they are unique here, without repetition), then it comes out to exactly 100 people. In addition, the contents of the list are permanent. Maybe, of course, the order of users in this list will change, but not the content. This is your “bubble” that you will be in for a while unless you go crazy and start deleting everyone! Then the list may end and Instagram will be forced to make you a new one! After removing all:
After swiping and updating:
If you update your list too often, Instagram leaves you in a current “bubble”: you delete users, but they don’t disappear (after updating the list, they are back there). A measure to protect against constant deletions is, of course, not a bad thing. But we, too, are not born with the same skill, so “if you can’t beat the crowd, lead it”! Let's try to experiment a little: subscribe to everyone who was in the proposal. Subscribed to everyone:
The list was updated:
After updating the list with a swipe, we see a new one. Now we can safely unsubscribe from all those people - we no longer need them. This approach will allow you to get out of the “bubble” and find another account by number, if necessary.
All of the above clearly shows that it is still not difficult to get the owner’s account by phone number. Based on these developments, we at Postuf have implemented a simple service nuga[.]app to search for an Instagram account by its number to demonstrate one of the many potential sources of information for an OSINT engineer.
This service demonstrates only a small part of what can be obtained from open sources, and what is available to you here and right now, but which you may simply not be aware of.
Well, as for the social networks themselves: all these various services that collect our information, if they are some kind of “evil,” are still necessary. We are not opponents of progress, because the line between a simply useful feature and the arrogance that allows you to invade the personal space of a stranger is very blurred. This is exactly what is worth thinking about because we have delegated our powers over the disposal of personal space to them - the information giants (who also need profit, first of all, don’t forget). And now they decide at their discretion how and what to do with our personal information.
By the way, Instagram recently added a list of so-called “best friends”. It seems to be an interesting feature too. But for some reason, they didn’t make it possible to create any arbitrary user groups to effectively manage their publications in the feed and stories. They are interested in our best friends, our closest connections - the rest is not important. But why is that? After all, no one will be able to access this information...
... because they won’t be able to, right?