1
00:00:00,140 --> 00:00:06,800
Snapchat is the next bridged database that I would like to cover to find someone's phone number.

2
00:00:07,370 --> 00:00:16,010
Now, this data breach occurred in 2014, so you will be able to find Snapchat users partial phone numbers

3
00:00:16,010 --> 00:00:17,300
in this data leak.

4
00:00:17,300 --> 00:00:23,960
So you have to expect that you are going to find only users that have created their accounts before

5
00:00:23,960 --> 00:00:24,890
2014.

6
00:00:24,890 --> 00:00:34,160
And the way this database got leaked is by abusing Snapchat API to resolve usernames to phone numbers.

7
00:00:35,000 --> 00:00:42,380
Now, this database does not contain any password, it only contains usernames and partial phone numbers.

8
00:00:42,680 --> 00:00:50,120
And we are going to learn how we can utilize and weaponize this database to find someone's full phone

9
00:00:50,120 --> 00:00:50,720
number.

10
00:00:51,470 --> 00:00:56,480
Now, to download this database, all you have to do is just go to the link in the resources of this

11
00:00:56,480 --> 00:01:02,840
lecture and then click on seven zip to download a 32MB file.

12
00:01:03,530 --> 00:01:06,080
So in my case, I have already downloaded.

13
00:01:06,860 --> 00:01:07,430
Here it is.

14
00:01:07,430 --> 00:01:11,570
I'm going to right mouse click and then say extract all.

15
00:01:11,810 --> 00:01:13,820
And then I'm going to say extract.

16
00:01:15,830 --> 00:01:18,770
And now I'm going to get a txt file.

17
00:01:18,800 --> 00:01:25,130
And to see how this txt file looks like I'm going to click on it because it's not very large.

18
00:01:25,130 --> 00:01:27,560
It's only 170MB.

19
00:01:28,160 --> 00:01:34,820
And you will see here Snapchat usernames and partial phone numbers that ends with XXS.

20
00:01:35,480 --> 00:01:40,940
Now I have already searched for Rishi Kabra within this data breach, and I wasn't able to find his

21
00:01:40,940 --> 00:01:46,100
Snapchat account because I believe that he created his account after 2014.

22
00:01:46,130 --> 00:01:53,960
But to show you a real life example, I'm going to find the phone number of this Snapchat account so

23
00:01:53,960 --> 00:02:02,590
we can see that the username of this person is Clair's Mensah I believe and this is how she looks like.

24
00:02:02,590 --> 00:02:06,400
So she has brown hair and blue eyes and she is white.

25
00:02:07,480 --> 00:02:15,010
So I'm going to copy the username and then open Agent Transact and then search for this username within

26
00:02:15,010 --> 00:02:16,450
this txt file.

27
00:02:16,450 --> 00:02:18,310
So I'm going to put the username.

28
00:02:18,310 --> 00:02:20,500
And then I'm going to say start.

29
00:02:20,500 --> 00:02:23,680
And as you can see we were able to get a match.

30
00:02:23,920 --> 00:02:27,100
Now we can see that this is not a full phone number.

31
00:02:27,130 --> 00:02:30,610
The last two digits are replaced with x.

32
00:02:30,820 --> 00:02:35,290
So I'm going to copy the phone number and the username and open a.

33
00:02:35,290 --> 00:02:38,230
TXT file and put it in here.

34
00:02:38,560 --> 00:02:41,620
Let me copy the phone number and add it in here.

35
00:02:41,620 --> 00:02:50,170
And now to find the full phone number we are going to use Facebook to find if she has a Facebook account

36
00:02:50,170 --> 00:02:52,210
and if she has a Facebook account.

37
00:02:52,210 --> 00:02:58,240
We are going to click on forgot my password and this might reveal the last two digits.

38
00:02:58,420 --> 00:03:03,310
So I'm going to copy here username and then go to Facebook and put it in here.

39
00:03:03,340 --> 00:03:07,120
Now you can search for the username or for her full name.

40
00:03:07,420 --> 00:03:10,990
But in our case we were able to find someone who lives in New York.

41
00:03:10,990 --> 00:03:13,240
So I'm going to click on this profile.

42
00:03:13,480 --> 00:03:19,930
And then I'm going to copy the URL and then open an incognito tab and go to Facebook.

43
00:03:19,960 --> 00:03:25,450
And now I'm going to click on forgot Account and put the URL.

44
00:03:27,430 --> 00:03:30,130
And then you want to click on Try Another Way.

45
00:03:30,790 --> 00:03:37,030
And we can see that there is a phone number that's associated with this account that ends with one three.

46
00:03:37,030 --> 00:03:39,490
So I'm going to copy these two digits.

47
00:03:39,670 --> 00:03:45,340
And by coming back to my txt file I can replace the double x with these numbers.

48
00:03:46,360 --> 00:03:56,940
So let me copy this number again and go to Facebook I'm going to say plus one for USA and then enter

49
00:03:56,940 --> 00:03:59,670
the phone number and then click on search.

50
00:04:00,390 --> 00:04:08,250
And we can see that this phone number is also associated with the Facebook account that has an email

51
00:04:08,250 --> 00:04:14,820
address that starts with C, which is similar to the email address that we have seen before.

52
00:04:14,820 --> 00:04:23,130
So if I searched for Claire again, we can see that her email address also starts with C.

53
00:04:23,250 --> 00:04:26,250
So I believe that this is here for number.

54
00:04:26,250 --> 00:04:33,990
So in this lecture we have learned how you can utilize and weaponize Snapchat database to find someone's

55
00:04:33,990 --> 00:04:34,950
phone number.

56
00:04:34,980 --> 00:04:37,200
Now this is not always going to work for you.

57
00:04:37,200 --> 00:04:43,170
You might not be able to find the person, or you might not be able to find the person's Facebook account.

58
00:04:43,170 --> 00:04:46,410
So this is not something that's going to work all the time.

59
00:04:46,410 --> 00:04:54,480
But I think that knowing this will improve your awareness and help you to develop your own Osint methodologies

60
00:04:54,480 --> 00:04:55,620
and techniques.