Phone Numbers Exposed By Inconsistent Password Reset Processes

LASER_oneXM

Lack of standardization of the password reset procedures of web services can help hackers find the phone number linked to a victim's email address.
Online services have implemented mechanisms to allow users to change the login password in case they lose or want a stronger one. The email address associated with the account is necessary for the procedure.

Where a phone number is available, service providers offer mobile text or voice options to receive a temporary code. This is to verify that the legitimate owner of the account initiated the password reset procedure. Alternatively, users can initiate the procedure by providing a phone number to get an email address. In both cases, only bits of information are revealed.