Search by phone number
It would be neat if you could test for pwned accounts searching by phone number. Some utility companies know my phone number but not my email.
Here’s the background on what’s been done: https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/
Angelos E. commented
As others have suggested, you could use Google's libphonenumber to standardise numbers.
But the ones in the Facebook leak were already standardised by Facebook, weren't they? First to first couple of digits are country code without a + or two zeros) and then the number follows, without spaces in international format. This breach was huge. I definitely think it's worth to add phone number lookup to the site, even if it is just for this single breach. This could prove to be a life saver.
troy, could you use the google lib to standardise phone formats? Being able to search for phone number breaches (especially getting a new phone number and knowing if its breached or on spam lists)
I would very much like to see this. SMS phishing is increasing.
A comment on why this is outstanding: phone numbers appear far less frequently than email addresses as you can see on the “who’s been pwned” page: https://haveibeenpwned.com/PwnedWebsites
I also can’t parse the, out with a regex like I can an email address as they don’t adhere to a consistent format. Further, the inconsistencies in format make searching difficult as they’d have to be “normalised” and that’s something that’s very country (and even region) specific.
So in short, much higher work and much lower value. I’ll leave the idea here, but I can’t see it happening in the foreseeable future.
This is a great feature to implement! I’m a little concerned about what I’d do once I know that my phone number has been powned. I’m too attached to it to give it up; changing my number is significantly more difficult than changing a password. I don’t imagine myself a target to have my number cloned and used nefariously. I think my best option would be to only give out a google voice number, or something of its ilk, to protect my phone service number. But at least knowing that my number is out in the wild would be helpful in better understanding what service leaked it and what other personal information is associated with it. I hope this grater can be implemented!
I agree with this feature, in addition to email address. As an additional check tool, one could verify if they phone number was "pwned" in current leaks.
This feature should be used in combination with the email and password checker.
Personally, I am not that concerned about the sole phone number (which can be easily generated by probing every x-digit cell numbers). I am concerned about my name and personal data ALONG with that number
[Deleted User] commented
I've been getting 2 calls a day from ********, **********, ***************) etc...I'd like to trace this back and shut it down somehow.
Agreed. Just started getting random unknown phone numbers every day, and now I wonder if someone got my number.
Agree. My phone number is known by a handful organisations and all absolutely deny they have experienced any data breaches. Just received s spam call from 0488 862 175 and now getting at least two a week. The biggest culprit is Aldi signing up for receipt of food samples, this only began after I offered to participate as it sounded interesting.
I've been thinking about this too. This goes along with Troy's recent inclusion of spam lists -- people want to know their total information exposure.
Antonios Chariton commented
Currently not all breached include a phone number, but all contain an e-mail address. Searching for a phone number could give the "illusion" that you're safe, while you may be not.
Let's wait for Troy to learn more.