O2 apologises as it plugs phone number leak
By Nicole Kobie
Posted on 25 Jan 2012 at 15:43
O2 has quickly fixed a flaw that leaked customer phone numbers to websites they visited - but admitted it still hands such data to some "trusted partners".
The flaw, uncovered by system administrator Lewis Peckover, meant websites could have potentially harvested phone numbers from visitors on O2's network, causing an uproar over privacy concerns.
The mobile operator said it normally passes phone numbers to "trusted partners", such as for billing reasons, but said such information was mistakenly passed to other sites since 10 January after "technical changes" following "routine maintenance".
We investigated, identified and fixed it this afternoon
"We have seen the report published this morning suggesting the potential for disclosure of customers’ mobile phone numbers to website owners," O2 said in a statement on its website.
"We investigated, identified and fixed it this afternoon," it added. "We would like to apologise for the concern we have caused."
However, O2 noted that it does share mobile numbers with some websites, for age verification, billing for premium content such as downloads or ringtones, and to identify O2 customers on its own sites.
"When you browse from an O2 mobile, we add the user's mobile number to this technical information, but only with certain trusted partners," O2 said. "This is standard industry practice."
However, Peckover noted: "Some questions still remain about which 'trusted partners' do get to see your phone number, but I'm not holding my breath for a response on that one."
We've asked for clarification on what sites O2 considers "trusted partners", but have yet to hear back from the firm.
O2 claimed the phone numbers could not be linked to other identifying information about customers, and confirmed the original report that the leak only occurred over 3G, not Wi-Fi.
The mobile operator has said it is working with the Information Commissioner's Office regarding the incident, and has also been in touch with Ofcom.
Is it just O2?
Or do other telecommunication companies also share your mobile number with "Trusted" websites?
By Firhill on 25 Jan 2012
It is common
Nearly all telecoms companies pass this info to sites. This is why someone will cold call you even though you have never given them your number or even if you are unlisted. This blatantly disregards your right to privacy and inundates you with unwanted spam calls
This should be made illegal and they made to only be able to divulge this info to sites that require it for age verification or billing. Though it is not a very good way of age verification as kids can use their parents phone to get content that they should not get..
By curiousclive on 25 Jan 2012
There really was no excuse for this.
Details should have been encrypted so that ONLY those who are trusted partners would have been privy to decoding that information.
I also concur with curiousclive that unlisted numbers should not be divulged.
On the subject of privacy I noted an advert from a company XXXXX "You do not appear to be using XXXXX browser.. click here to download XXXXX Browser free".
What has it got to do with XXXXX what browser I WISH to use?
Stop your spying XXXXX !
By lenmontieth on 25 Jan 2012
Umm me thinks "trusted partner" means, oh ill bung you a few quid let me have your customers phone numbers, just because a mobile operator wants to extract as much cash as possible, plus if you do call a "trusted partner" back you may get charged a high call rate, that then goes back to the mobile operator.
When financial transactions take place a balanced view can sometimes go out of the window, as profit rides rough-shot over other concerns.
Look at mobile ring tones, how many people have been shocked when they got their bill's and found themselves paying out vast sums because the mobile operator has "trusted" them
Do these mobile operators run teams of people who insist that the potential "trusted partner" opens up their financials to see if they can be trusted, don't we own our phone numbers, as we can move that number to another operator.
Surely a phone number is data and that data is being misused!!, I would think that we have a right to know who our data is being shared with.
What's the situation with the data protection act?
By Chrisfjr1300 on 26 Jan 2012
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- How to write your company's IT security policy
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords