O2 sends customer mobile numbers to websites!

UK mobile network O2 have been caught passing customers mobile numbers to websites in plain text.

Its common practice for web browsers both on computers and mobiles to provide some identifying information to websites, generally information such as what IP address, which operating system is in use and browser being used etc. however O2 has been adding a little bit of extra identication in the form of their customers mobile phone number!

Its not known yet whether this has happened as a result of a genuine error on O2's part or whether it was by design. The issue was found by @lewispeckover and is suspected to be down to a configuration issue on O2's proxy servers.

Potentially this could have been a major security risk and crafty scammers could have constructed elaborate scams by sending a user an email which included image links to an external site which would they would then have been able to extract the mobile number.

The issue has now been fixed by O2 and doesn't appear to be an issue on other mobile networks. If you are concerned you can check out O2's official response here.

According to the O2 blog, mobile phone numbers should only be shared with trusted partners websites, however they haven't named who these are, watch this space!

Source:Gizmodo and thinkbroadband

Latest Articles