The Advantages of the “Wrong Password” on LinkedIn #OSINT

booleanstrings

 

A more descriptive title of this post could be “Hack: Check Whether an Email Address or Phone Number is Registered on LinkedIn in 5 Seconds or Less”.

The “hack” does not reveal which member it is – it only returns a Yes/No answer. But it is a validation pointer for the contact phone number or email address you are looking to verify, or, in a different scenario, trying to guess the email or the missing phone digits. It is a “good to know” piece in OSINT research.

Since the death of the Sales Navigator URL hack, there is still a way (even an improved one) to mass-cross-reference long lists of emails (as long as 9K+). But there is nothing as quick and simple as a login attempt to verify whether a single email address or phone is registered. That is, if the site “cooperates”. 😉

“Wrong password” – seen on two out of the four screenshots below – is a welcome response that reliably validates the contact data you have.

There is nothing new about the “research using login dialogs” OSINT approach. This post is an alert that it works well on LinkedIn right now. 🙂 These checks do not trigger any notifications either (but avoid entering the same existing email just in case). Enjoy them before things change again. (With LinkedIn, imminent change is the only thing we can be sure about, lol).

Looking for someone?

Looking for professionals whose social online footprint is minimal (common for essential workers), or perhaps an old classmate or your backpacking buddy?

It is often hard to find people on LinkedIn:

  • with “shallow” (barely filled out) profiles
  • with outdated professional history or education
  • spelling their name in different ways (or changing the name)

But if you have a guess at the email address or found an old address, seeing “wrong password” means that the person likely uses the email – or phone – in question. (Gmail-based emails have the highest chance of being kept.) You can then find the person by email, see more info, and email them if relevant. Of course, not finding a LinkedIn member by phone or email is far from guaranteeing that the contact data is outdated – it can be either way – but it is also a data point.

To perform the hack:

Log out of LinkedIn. The rest is best explained by the four screenshots below.

This is how registered emails and phone numbers show up vs. unregistered, on the login page. (Type something random and long as a password and press “sign in”.)



Tip: Pace yourself (if you know what I mean)! If you start seeing cows or sheep that you are asked to rotate, changing your IP address would help.
Automating the hack to run over a list of contacts would be a next-to-impossible task.

That’s it.
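Why a login dialog can answer the Yes/No question, seen from the site's side, as an added example (not from the original post and not LinkedIn's code): a login handler with distinct error messages next to one that answers identically for an unknown identifier and a wrong password. The account store, messages, status codes and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def _make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample account store: identifier -> (salt, password hash).
USERS = {"alice@example.com": _make_record("correct horse battery staple")}
# Dummy record so an unknown identifier costs the same hashing work as a known one.
_DUMMY_SALT, _DUMMY_HASH = _make_record("placeholder")

def login_leaky(identifier, password):
    """Distinct replies: the message reveals whether the identifier is registered."""
    record = USERS.get(identifier)
    if record is None:
        return 404, "We couldn't find an account with that email or phone."
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, "Wrong password."
    return 200, "Welcome back."

def login_uniform(identifier, password):
    """Same status and message for an unknown identifier and a wrong password."""
    record = USERS.get(identifier)
    salt, stored = record if record else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if record is not None and matches:
        return 200, "Welcome back."
    return 401, "That email/phone and password combination is not valid."

def reveals_registration(login, known, unknown, junk="x" * 40):
    """True if a junk-password attempt tells registered and unregistered apart."""
    return login(known, junk) != login(unknown, junk)

if __name__ == "__main__":
    for handler in (login_leaky, login_uniform):
        leaks = reveals_registration(handler, "alice@example.com", "nobody@example.com")
        print(handler.__name__, "reveals registration:", leaks)
```

The same uniformity has to hold on sign-up and password-reset forms, which otherwise answer the same question.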

(To my readers: I do not know if there is a way to reliably identify someone by phone on LinkedIn – if you do, I would love to hear!)

“Hacks” make monotonous parts of research work quicker, add discoverability to data, and add fun to the work. 🙂

As a piece of news, David Galley and I are finalizing the 4th fully updated edition of the popular eBook, “Sourcing Hacks” (available for pre-order).

Join us for an interactive preview of an expanded set of Sourcing Hacks in the upcoming webinar this Thursday. Expect to learn a good number of new sourcing hacks we have uncovered. Attendance includes:

  • the slides complementing the ebook’s examples
  • a video recording for you to keep
  • the ebook (as soon as it is ready) at a discount
  • one month of online support.

If you learn from video, audio, or interaction and practice better than from reading books, this webinar is for you!
