Looking for an Instagram profile number

The finished tool is presented at the end of the article.

What can you learn about a person you are not familiar with if you have a miserable 11 digits of his phone number?

We often have to deal with the analysis of information from open sources. In particular, the most useful are social. networks, since they contain information about specific people who themselves were happy to share it.

By and large, any modern social. the network is a storehouse of knowledge for an OSINT researcher, however, most of the really useful information is hidden from the eyes of a simple layman, and you won’t be able to get it just like that (without some knowledge and proper preliminary preparation). Often you need to know well in advance the structure of social mechanisms. networks and for long hours to look for patterns in the processes going on "behind the scenes". And here it’s not even about finding any errors, bugs or vulnerabilities that can be exploited, but rather about situations where the feature that should have been fight evil, not join it helping people and making their life better, allows you to use yourself from a completely different, unpredictable side for the developers themselves.

Today we look at the interaction of the social network Instagram with the numbers of your phone book.

Instagram has a very interesting feature that, after registration, allows you to quickly help the user navigate and find their friends who also use Instagram.

Previously, it was enough to go to “Discover People” and move to the “Contacts” tab, after which we would instantly get a list of users associated with our phone book:

The feature is quite interesting, given that it is very easy to calculate a person’s account with its help – just drop a number in the address book, then go to “Discover People” -> “Contacts” and get his account already. And where is the Instagram account, there is also a photograph of the owner, his friends and the events that happened to him. For a social engineer, it's just a storehouse – in a word, everything is delicious, and Instagram understood it well. Therefore, this loophole was closed, well, or at least they tried to do it.

It was sad to stumble upon articles (like this one: lifehacki.ru/pochemu-v-instagramme-ne-pokazyvaet-kontakty) that appeared this fall. In short, they told us that “Instagram services have fallen”, and that “Instagram support does not react to mass appeal from users” and so on.

The fact is that our favorite “Contacts” tab, since September, has become empty, claiming with all its important appearance that our phone book does not contain any numbers related to any Instagram accounts at all.

And in fact, one would think that these are some kind of problems on the Instagram servers, and soon everything will return to square one. But all hopes are crumbling as soon as we upgrade to version, because …

Yes. Because now the “Contacts” tab is completely gone. In fact, the feature was cut out and, most likely, this is due to the desire of Instagram to look like a company that cares about the privacy of its users and their personal data. That’s all, like, subscribe to the channel, disagree, right?

Wait a minute! But why then does the new version of the application still ask me for permission to access the phone book?

Maybe we still missed something? Let's take another look at the panel of suggested users.

Indeed, Instagram shows me offers that I could not find out about except for the phone book. We conclude: Instagram just redid the feature in a certain way, complicating the process of matching people from the phone book with its users. And that’s exactly what I suggest playing with.

How does the new matching process work? Obviously, the phone book is still being processed by Instagram, but now it’s definitely not clear who is on the list from the phone book and who isn’t. Or is it still possible? Let's try to subscribe to a user, and see how the list of proposed users changes.

We can see that now the entire offer is littered with users with whom our only subscription is associated. This suggests that users get here in a very large number of ways, from advertising accounts to close friends of those you follow.
But what about the list itself? On one page, 10 accounts are placed, and if you scroll further, a dozen more will appear. I wonder how long this list is? We begin to methodically go down, go through a few more downloads and dodge at the end of the list.

If you count all users (and they are unique here, without repetition), then exactly 100 pieces come out. In addition, the contents of the list are permanent. Maybe, of course, the order of users in this list will change, but not the content. This is your “bubble” in which you will be for some time, unless you are furious and start to delete everyone! Then the list may end, and Instagram will be forced to make you a new one! After deleting all:

After the swipe with the update:

When updating the list too often, Instagram leaves you in the current “bubble”: you delete users, but they do not disappear (after updating the list, they are back in place). A measure to protect against permanent deletions is, of course, not bad. But we, too, are not embroidered, so "if you cannot defeat the crowd, head it!" Let's try to experiment a little: we subscribe to everyone who was on the offer. Subscribed to all:

Updated list:

After updating the list with a swipe, we see a new one. Now you can safely unsubscribe from all those people – we no longer need them. This approach will allow you to get out of the “bubble” and find the next account by number, if necessary.

All of the above clearly shows that the phone number is still not difficult to get an account owner. Based on these developments, we at Postuf implemented a simple nuga.app service to search for an Instagram account by its number in order to demonstrate one of the many potential sources of information for an OSINT engineer.

This service demonstrates only a small part of what can be obtained from open sources, and what is available to you here and right now, but which you can simply not guess about.

Well, as for the social services themselves. Networks: all of these various services that collect our information, if they are some kind of "evil", are still necessary. We are not opposed to progress, because the line between just a useful feature and arrogance that allows you to invade the personal space of a stranger is very blurred. This is exactly what you should think about, because we have delegated our authority to use their personal space to them – information giants (who also need profit, first of all, do not forget). And now they themselves decide, how and what to do with our personal information.

By the way, recently a list of so-called “best friends” was added to Instagram. It seems to be also an interesting feature. But for some reason they did not make it possible to create any arbitrary user groups in order to effectively manage their publications in the stream and stories. They are interested in our best friends, the closest ties – the rest is not important. But why so? After all, no one can access this information …

… because it can’t, right?

