O2 apologises as it plugs phone number leak
By Nicole Kobie
Posted on 25 Jan 2012 at 15:43
O2 has quickly fixed a flaw that leaked customer phone numbers to websites they visited - but admitted it still hands such data to some "trusted partners".
The flaw, uncovered by system administrator Lewis Peckover, meant websites could have potentially harvested phone numbers from visitors on O2's network, causing an uproar over privacy concerns.
The mobile operator said it normally passes phone numbers to "trusted partners", such as for billing reasons, but said such information was mistakenly passed to other sites since 10 January after "technical changes" following "routine maintenance".
We investigated, identified and fixed it this afternoon
"We have seen the report published this morning suggesting the potential for disclosure of customers’ mobile phone numbers to website owners," O2 said in a statement on its website.
"We investigated, identified and fixed it this afternoon," it added. "We would like to apologise for the concern we have caused."
However, O2 noted that it does share mobile numbers with some websites, for age verification, billing for premium content such as downloads or ringtones, and to identify O2 customers on its own sites.
"When you browse from an O2 mobile, we add the user's mobile number to this technical information, but only with certain trusted partners," O2 said. "This is standard industry practice."
However, Peckover noted: "Some questions still remain about which 'trusted partners' do get to see your phone number, but I'm not holding my breath for a response on that one."
We've asked for clarification on what sites O2 considers "trusted partners", but have yet to hear back from the firm.
O2 claimed the phone numbers could not be linked to other identifying information about customers, and confirmed the original report that the leak only occurred over 3G, not Wi-Fi.
The mobile operator has said it is working with the Information Commissioner's Office regarding the incident, and has also been in touch with Ofcom.
Is it just O2?
Or do other telecommunication companies also share your mobile number with "Trusted" websites?
By Firhill on 25 Jan 2012
It is common
Nearly all telecoms companies pass this info to sites. This is why someone will cold call you even though you have never given them your number or even if you are unlisted. This blatantly disregards your right to privacy and inundates you with unwanted spam calls
This should be made illegal and they made to only be able to divulge this info to sites that require it for age verification or billing. Though it is not a very good way of age verification as kids can use their parents phone to get content that they should not get..
By curiousclive on 25 Jan 2012
There really was no excuse for this.
Details should have been encrypted so that ONLY those who are trusted partners would have been privy to decoding that information.
I also concur with curiousclive that unlisted numbers should not be divulged.
On the subject of privacy I noted an advert from a company XXXXX "You do not appear to be using XXXXX browser.. click here to download XXXXX Browser free".
What has it got to do with XXXXX what browser I WISH to use?
Stop your spying XXXXX !
By lenmontieth on 25 Jan 2012
Umm me thinks "trusted partner" means, oh ill bung you a few quid let me have your customers phone numbers, just because a mobile operator wants to extract as much cash as possible, plus if you do call a "trusted partner" back you may get charged a high call rate, that then goes back to the mobile operator.
When financial transactions take place a balanced view can sometimes go out of the window, as profit rides rough-shot over other concerns.
Look at mobile ring tones, how many people have been shocked when they got their bill's and found themselves paying out vast sums because the mobile operator has "trusted" them
Do these mobile operators run teams of people who insist that the potential "trusted partner" opens up their financials to see if they can be trusted, don't we own our phone numbers, as we can move that number to another operator.
Surely a phone number is data and that data is being misused!!, I would think that we have a right to know who our data is being shared with.
What's the situation with the data protection act?
By Chrisfjr1300 on 26 Jan 2012
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software