Skip to content

Tag: social media

A Tremendously Valuable OSINT Tip For Pinterest. (Yes Seriously, Pinterest)

A Tremendously Valuable OSINT Tip For Pinterest. (Yes Seriously, Pinterest)

Published by hatless1der on March 28, 2025

If you follow this blog, (hi mom!) you might think I’m somehow picking the most obscure platforms and coming up with some even more obscure OSINT tips for them (and you might be right), but if you follow this blog you probably also know that most of these tips are $$$. This tip on Pinterest is no exception, trust me.

It’s simple, it’s super useful, and it’s something I’ve successfully leveraged dozens and dozens of times over the years while investigating missing children online to discover case-breaking leads.

We’ll get to it in just a second, but first, for the sake of SEO and maintaining my spot on page 14 of OSINT blog search results, I need to say a few words…

Wait! Is this one of those blogs written like an annoying recipe website, where you have to read 10 pages of the author’s boring-ass life story before you find out how much canned chicken to put in the casserole your kids will be throwing in the trash in 45 minutes?

No, but now that I have your attention – the whole point of tricks like this one is that you’ve prioritized taking the time to actually understand the platforms you’re doing your investigative work on. Knowing their features and functions are vital to figuring out little wonders like this.

By the way it’s 1 can of chicken to go with the 1/2c mayo, and 2 cooking soups you mix with the cooked noodles.

So anyway… Pinterest? Yes, the… um… social media website pin-board thing [Googles “what is a Pinterest”]

According to data that I definitely knew off the top of my head and did not just look up using the aforementioned search engine: Pinterest is the 15th most used social media platform with 550M+ monthly users. For people using it, again definitely without looking any of this up, Pinterest is the 5th most popular social commerce platform.

So a lot of people use it, so what?

Well, our username research very often uncovers a seemingly useless Pinterest profile whose tab is promptly closed and ignored in most investigations. This is a huge mistake, let me tell you why…

Pinterest has a feature for signing up that allows you to sign up using your Google account, which does something magical for us in the OSINT world.

See, when you use the log in using Google feature (as many, many, many users do), Pinterest does something fantastic: they take the username portion of your email address, and make it your Pinterest username by default!

What does this mean, Griffin??? Why are you so excited about this??? Why does your generation think using 3 repeating question marks is ok???

It means in some cases we can reverse-engineer our target’s email address by putting it in front of the @emaildomain.com of our choice, and doing our email validation work to… well, validate it.

Boom!

Now, before I get too far along and the comment police come for me, let’s also discuss the limitations of this trick, because there are a few.

Like so many great tips:

First, Pinterest users can change their username in their settings (but really, who has time to do that when there are so many [checks notes] pins to… pin?)
Second, not everyone signs up this way. Some people with infinite free time may want to create an account the old fashioned way with a login and password like a maniac.
Third, I would assume username collisions happen with an app of this size and though I haven’t tested it, I also assume they make you pick or assign you a different username. (one of the infinite free time people can feel free to test that out)


Finally – remember that you always have to VALIDATE. Just because you get a positive result with the email address you’ve guessed, does not necessarily mean it belongs to your target. (See 1, 2, and 3 above)

Hopefully, this idea has opened your mind to thinking about what other applications who offer this function might provide you with a similar investigative opportunity. I have no doubt there are others out there!

If you’re not quite sure how to work with an email address to validate it, discover its use, or connect it to user accounts… I recommend reading this other very wordy and very poorly written blog: Advanced OSINT: The Art of Pivoting.

That’s it! That’s the tip for this one. Small, but oh so very mighty. I hope it helps you do some good out there in the world, it definitely has for me.

Bake at 350 for 25 minutes, then add cheese for the last 5 minutes.

Threads.net Is Hiding Some OSINT Secrets You Definitely Need To Know

Published by hatless1der on October 10, 2024

Threads, you say? The Dane Cook of social media???
(Shout out to the Archer fans out there who got that obscure joke)

If you’ve been on Instagram over the past year, you’ve no doubt seen some profiles sporting that strange, extra squiggly looking @ symbol and perhaps you’ve even accidentally waded into Meta’s head-scratching approach to microblogging (think Twitter. yes I know it’s X, no one cares).

That little symbol on a persons Insta serves as a gateway to Threads.net and while you may have ignored it in the past, I’m going to tell you several really important reasons you’ll want to make is a part of your next SOCMINT adventure. I won’t be taking the time to fully break down the platform for you, apologies to everyone who anxiously awaits my next long-winded blog post (hi mom). For this write-up, it’s just the hits.

Clicking on the Threads icon on an Instagram profile will take you to a page that looks something like this, without requiring login to access:

Tip #1: Just because you don’t see the @ symbol linked on an Instagram profile, doesn’t mean the user doesn’t have Threads.

That’s right! Users need not link to Threads on their Instagram profile, and I’m finding more and more that users do in fact have a Threads account, yet nothing is shown on their IG. Now I check for Threads every time I see an IG account. This revelation is more important than you might realize. (More on why in the following tips)

So how do we get there when no link exists? The simple way is to append the Instagram username to the following URL: 

https://threads.net/@___________________

Not simple enough for you? Ok fine, in the true spirit of Midwest Nice, I went ahead and made a push-button solution for you, a simple bookmarklet you can place in your browsers bookmark bar and click any time you’re on an Instagram profile. This will grab the IG username and open a Threads tab to check for the presence of an account there for you at the push of a button.
You’re welcome, and I’d better see a 2 finger steering-wheel wave out of you if we ever pass each other on a gravel road someday.

Access the bookmarklet and instructions for using it, alongside our library of other awesome OSINT bookmarklets at https://tools.myosint.training OR copy and paste the below code into a bookmark you add to your browser:

javascript:(function(){var url=window.location.href;if(url.includes("instagram.com/")){var username=url.split("instagram.com/")[1].split("/")[0];var newUrl="https://threads.net/@"+username;window.open(newUrl,"_blank");}else{alert("This is not an Instagram page.");}})();

Tip #2: Despite sharing the same username as the person’s IG profile, Threads DOES NOT have to have the same pic or bio.

This is big! Those of you conducing online research know that it can be the smallest digital breadcrumb that breaks open your investigation. User supplied information is the centerpiece of successful pivoting, and knowing there’s another bio hiding on Threads can be an absolute game changer and in some cases, can help with validating that you have the right user on Insta, when that profile was set to private.

On top of all this, when an Instagram profile photo doesn’t reveal anything useful, there might be a much more helpful photo just a click away in Threads. Like here:

Bonus tip for you…
Wondering how you can easily access the full Instagram profile photo without having to right click on the page, Inspect, and work your way around the source code? We’ve got a free bookmarklet for that too! One click and the profile photo, in full size, is opened in a new tab enabling you to save it.

Tip #3: Follower/following lists on Threads are set to public by default, regardless of the person’s Instagram privacy settings.

These days more and more I run into private Instagram accounts where the follower/following lists are not clickable and therefore not searchable. Threads, on the other had, I’ve found to be most often public. Being able to examine the connections to someone’s social media account is a HUGE benefit for our investigations. I could probably write a whole blog just on different stories of times where a public list of connections opened otherwise completely unfindable doors.

Now, follower/following lists on Threads are not apples to apples vs a user’s Instagram follower/following, of course. I consider the Threads connections to be (mostly) a subset of the person’s IG connections. Here I’m making an inference, but what this allows me to do is pivot off to other users on the Instagram platform who may have more publicly available profile info or have more uncommon names, making my subject’s circle of friends and family more easy to find on other platforms. And in the absence of public access to IG followers, well I’ll take anything I can get. There’s an art to this, my friends!

Bonus tip for you…
When an IG follower/following list is publicly viewable, remember that the accounts appear in the order they were added, meaning the first account followed is all the way at the bottom. Why is this important? Well, when I’m looking for someone’s 2nd, 3rd, or beyond social media account, or when I need to find a more current account for someone and only have an old one… knowing who they first followed can give me a short list of accounts who may be important enough in my subject’s life that any additional accounts they might have would also follow some of those same people.

Oh, I do need to add at least 1 disappointing thing, lest the internet trolls come complaining in the comments… In order to view the follower/following lists on Threads, you do have to be logged in. The rest of what I mentioned is all wide open, at least for now. One thing you can ALWAYS count on with Meta is that something on their platforms will change, the moment you start to like it.

That’s it for this one. Sorry for the long delays between blogs, but hopefully you’ve caught some of the other OSINT community things I’ve been doing these days. Never enough hours in the day (he says, while writing a hobby blog in the middle of the night).

Think Private Facebook Profiles Pages Are A Dead End? Think Again!

Published by hatless1der on August 13, 2020

As the old saying goes… Facebook giveth, and Facebook taketh away (RIP graph search #neverforget).

Well, in late 2019, Facebook did a little bit (a lotta bit, actually) of both, with their facelift and feature overhaul, creating “new Facebook”. Different search options, new buttons, and an all-around different feel, sent many of us change-resistant folk into angry fits. After all, we’ve been betrayed before! Is this the Decline of Facebook Civilization part 2? (obscure 80s hair-metal movie reference)

If you’re using “new Facebook” perhaps not…

Let’s say you’ve finally arrived, after much strategic pivoting and searching, at your target’s personal profile page. Sweet success! You click excitedly and reach for the champagne as the page loads, but just as you’re about to get your Dom Perignon buzz on, you see it… their wall is blank. No photos, no posts, nothing but a single profile photo set atop a banner with empty boxes underneath. An investigative slap in the face for sure, especially when you’d been expecting to find troves of delightful SOCMINT goodness. How could this be? You had plans! You had dreams!

Now, before you pack up your investigative bags and head for Instagram, I have a little something you might want to see. “New” Facebook added a handy little feature that just might open some doors you weren’t expecting, doors that might remind you of the glorious graph search of old (seriously, #neverforget). That little search button on side of the profile page? It’s not just for what you can see. Here, let me show you…

Notice the profile page is of no use to us at all. Locked down… No photos, no friends, nothing. (profile photo and banner photo are redacted). Well… why don’t we click on that search button and type in the profile owner’s first name as it appears on the page:

BOOM! Suddenly, we’ve got something to look at besides an empty wall! Not only do we get several new photos of our target, but we’ve also acquired new pivot points, namely an account we’ll refer to as “A” who posted “family photos on a beautiful day”. But we’re not done yet…
Let’s try searching for the full first and last name as it appears on the profile:

Different photos! Not only that, but we have a potential fiancée’s name thanks to the photographer’s captions, and since the posts are several years old, let’s suppose they might have tied the knot and now we have the name of this person’s potential wife. Another pivot point!

A quick search for just the target profile’s last name by itself yields yet another unique photo and a business check in:

Now, before we get too far along with searches on our target profile, let’s pivot to the “A” account page on a new tab, and try searching there for our target’s first name:

You guessed it, more photos! Not only that, we see our target is being called Uncle, and his fiancée is being called Aunt. From there, we can surmise the marriage likely took place, and we now have a spouse, and another source of potential intel to work from.
Moving back to our target’s profile page, there are a number of other things worth searching that may yield even more new results. How about searching happy birthday?

Just like that, we have a potential birth date for our target profile owner, and the name of a brother, along with a (redacted) photo of both.

From this point we can go on and on, but I think you get the idea. Pivot to the other profile pages, search their walls for the target profile’s name, find more photos, find more names, search those names on the wall, and continue to expand this person’s network. The possibilities are limited only by your imagination. (and Facebook’s AI, but who understands that stuff anyway?) What about searching words like: mother, father, family, Christmas, Thanksgiving, work, love…?

Remember a few minutes ago when we were frustrated and ready to walk away from this account, and mark it as stone cold? Instead, we used this handy little trick and in just a few minutes, we’ve developed photos, a birthday, a spouse, a brother, some associates, and several other places to look for even more information. It went from a dead end to a small gold mine in just a matter of minutes because we knew where to look!

Next time you find yourself arriving at a target profile page, give this trick a try.  
Even those pages which are already more open will still yield information you didn’t expect, or would have had to dig, and dig, and dig to find. Let Facebook’s AI turn your searches to intelligence and click that button! We’ll call it graph search junior, for as long as it lasts.