There are various reverse caller databases floating around. I forget the name of the database but there was a talk at HOPE 2010 less than a month ago about abusing VOIP providers and caller ID spoofing to scan through and map large blocks of cellphone numbers at a time. Apparently there are wholesale resellers of caller ID lookup databases and some cellphone companies are more than happy to associate the name on the account with individual cellphone entries in their reverse databases.

With such a system if you know what possible area codes/exchanges they might be in and what their name is you had very good odds of finding AT&T and T-Mobile customers. Verizon wasn't really discussed.

Of course social engineering the number from you might be a lot easier the first time... ;)