Location-based Social Discovery (LBSD) services enable users to discover their geographic neighborhoods to make new friends. Original LBSD services were designed to provide the exact distances to nearby users. It has been shown that it is easy to pinpoint any target user's location by using trilateration based on the exact distances from three fake GPS locations to the target user. To thwart the trilateration attack, contemporary LBSD services then began to report distances of nearby users in concentric bands, e.g., bands of 100 meters. In this paper, we investigate the user location privacy leakage problem in LBSD services reporting distances in discrete bands. Using number theory, we analytically show that by strategically placing multiple virtual probes with contrived fake GPS locations, one can nevertheless pinpoint user locations in band-based LBSD. Our methodology guarantees to pinpoint any reported user within an area bounded by one square meter, even for LBSD services using large bands (such as 100m as used by WeChat). To the best of our knowledge, this is the first work that explicitly exploits and quantifies user location privacy leakage in band-based LBSD services. Our study is expected to draw more public attention to this serious privacy issue and hopefully motivate better privacy-preserving LBSD designs.