9 comments

[ 2.4 ms ] story [ 13.8 ms ] thread
Does this work with vanity usernames e.g. facebook.com/ChrisHughes
Custom IDs were not part of the leak, only number IDs and phone numbers
I open-sourced the aggregation pipeline : https://github.com/arnaudsm/fbleak

The system I implemented is similar to https://haveibeenpwned.com/, and could evolve into an open-source clone of Troy Hunt's tool.

You may want to specify the phone number format you accept on the form, ie no dashes or other symbols
Thanks, what is your browser? (I thought `<input type="number">`would be enough)
It allows you to input non-numbers (e.g. with paste). My recommendation would be to strip out any non-numeric characters after the user clicks the button