> [!info] > Input: [[Social Media Account|personal account]], [[Email Address|email address]], [[Phone Number|phone number]], additional information (answers to security questions or verification) > Output: parts of phone number / email address, [[Name|full name]], [[Photo|photo]], security questions > > Types: {{types}} > Weakness: [[SOWEL-1. Having and Filling Account]] ### Explanation The vast majority of social media platforms have some mechanism to restore your access (restore password) to the account even if you don’t remember your password or login. It could be based on: - sending a one-time code in SMS or email (showing part or the whole digital identifiers of a person: email address, phone number) - security (control) questions (which is an opportunity for hacking, since answers to questions can usually be extracted from public activity; but non-standard questions could contain some valuable information by themselves). Also, some social media platforms apply additional verification asking some data about account such as "what's your last name". ### Examples - [Martin Vigo: From email to phone number, a new OSINT approach](https://www.martinvigo.com/email2phonenumber/) - [Sarah Palin email hack](https://en.wikipedia.org/wiki/Sarah_Palin_email_hack) ### Tools - [email2phonenumber](https://github.com/martinvigo/email2phonenumber) - [holehe](https://github.com/megadose/holehe) ### Type - behavioural - technical