Skip to navigation
Latest News

O2 apologises as it plugs phone number leak

mobile security

By Nicole Kobie

Posted on 25 Jan 2012 at 15:43

O2 has quickly fixed a flaw that leaked customer phone numbers to websites they visited - but admitted it still hands such data to some "trusted partners".

The flaw, uncovered by system administrator Lewis Peckover, meant websites could have potentially harvested phone numbers from visitors on O2's network, causing an uproar over privacy concerns.

The mobile operator said it normally passes phone numbers to "trusted partners", such as for billing reasons, but said such information was mistakenly passed to other sites since 10 January after "technical changes" following "routine maintenance".

We investigated, identified and fixed it this afternoon

"We have seen the report published this morning suggesting the potential for disclosure of customers’ mobile phone numbers to website owners," O2 said in a statement on its website.

"We investigated, identified and fixed it this afternoon," it added. "We would like to apologise for the concern we have caused."

However, O2 noted that it does share mobile numbers with some websites, for age verification, billing for premium content such as downloads or ringtones, and to identify O2 customers on its own sites.

"When you browse from an O2 mobile, we add the user's mobile number to this technical information, but only with certain trusted partners," O2 said. "This is standard industry practice."

However, Peckover noted: "Some questions still remain about which 'trusted partners' do get to see your phone number, but I'm not holding my breath for a response on that one."

We've asked for clarification on what sites O2 considers "trusted partners", but have yet to hear back from the firm.

O2 claimed the phone numbers could not be linked to other identifying information about customers, and confirmed the original report that the leak only occurred over 3G, not Wi-Fi.

The mobile operator has said it is working with the Information Commissioner's Office regarding the incident, and has also been in touch with Ofcom.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

Is it just O2?

Or do other telecommunication companies also share your mobile number with "Trusted" websites?

By Firhill on 25 Jan 2012

It is common

Nearly all telecoms companies pass this info to sites. This is why someone will cold call you even though you have never given them your number or even if you are unlisted. This blatantly disregards your right to privacy and inundates you with unwanted spam calls
This should be made illegal and they made to only be able to divulge this info to sites that require it for age verification or billing. Though it is not a very good way of age verification as kids can use their parents phone to get content that they should not get..

By curiousclive on 25 Jan 2012

Privacy Dumped

There really was no excuse for this.
Details should have been encrypted so that ONLY those who are trusted partners would have been privy to decoding that information.
I also concur with curiousclive that unlisted numbers should not be divulged.

On the subject of privacy I noted an advert from a company XXXXX "You do not appear to be using XXXXX browser.. click here to download XXXXX Browser free".

What has it got to do with XXXXX what browser I WISH to use?

Stop your spying XXXXX !

By lenmontieth on 25 Jan 2012

Trusted Partners!!!

Umm me thinks "trusted partner" means, oh ill bung you a few quid let me have your customers phone numbers, just because a mobile operator wants to extract as much cash as possible, plus if you do call a "trusted partner" back you may get charged a high call rate, that then goes back to the mobile operator.

When financial transactions take place a balanced view can sometimes go out of the window, as profit rides rough-shot over other concerns.

Look at mobile ring tones, how many people have been shocked when they got their bill's and found themselves paying out vast sums because the mobile operator has "trusted" them

Do these mobile operators run teams of people who insist that the potential "trusted partner" opens up their financials to see if they can be trusted, don't we own our phone numbers, as we can move that number to another operator.

Surely a phone number is data and that data is being misused!!, I would think that we have a right to know who our data is being shared with.

What's the situation with the data protection act?

By Chrisfjr1300 on 26 Jan 2012

Leave a comment

You need to Login or Register to comment.



Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing


Sponsored Links

Your email:

Your password:

remember me


Hitwise Top 10 Website 2010

PCPro-Computing in the Real World Printed from

Register to receive our regular email newsletter at

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.