Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

O2 caught sending mobile phone numbers to websites

Claims issue occurred due to maintenance error

Article comments

UK network O2 has found itself at the centre of an embarrassing data privacy storm after it emerged that it allows websites to see the mobile numbers of all subscribers that browse the Internet using its 3G data service.

The controversy was set off by a single O2 user, Lewis Peckover, who noticed that his mobile number was being sent to every website embedded in plain text as part of the http header.

Extraordinarily, the numbers appears to be forwarded by O2’s own servers when users connect to the Internet through its 3G service; anyone using a WiFi connection will not be affected because they are not traversing that infrastructure.

Given the potential for websites to capture numbers for text spamming, annoyed users have bombarded O2’s Twitter feed with complaints to which the network found itself responding with a stock tweet to every user who raised the issue.

“Hi there, we're looking into this as we speak - it's important to us. Once we've got an update, we'll share it,” tweeted O2.

It turns out that the issue is not new. Graham Cluley of Sophos points out that the issue was first made public in March 2010 at the CanSecWest conference in Vancouver by researcher Collin Mulliner.

The proxying by O2 is not particularly surprising, indeed all mobile networks probably do it to optimise web traffic to cross their hard-pressed 3G networks efficiently. The question is why O2 thinks it important to insert a sensitive piece of information such as a mobile phone number into data sent to websites.

It could just be inserted automatically without the intention having been to give websites the ability to see phone numbers.

So far rival networks – Vodafone, 3 and Orange/T-Mobile - don’t appear to be affected by the number forwarding issue.

O2 later released a statement confirming the forwarding issue had occurred due to a routine maintenance error between 10 and 25 January 2012 which it said it had now rectified.

"We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused," O2 said.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *