O2 accused of sharing mobile numbers with websites


Twitter storm erupts over reports operator is putting customer’s phone numbers in header information sent to websites they visit

O2 has been accused of revealing customer phone numbers in information sent from mobile browsers to websites.

Twitter users have been complaining about the network’s apparent breach of customer privacy since it was revealed yesterday (January 24) by user Lewis Peckover.

According to Peckover, the number appears in “header” information telling websites how best to display a page for a user’s specific handset and operating system.

The header data is not normally recorded by a website, but could easily be seen by a site administrator and used for malicious purposes, such as sending phishing SMS messages.

A similar breach is reportedly affecting users on O2 MVNOs Tesco Mobile and GiffGaff, but no similar breach has so far been identified on Vodafone, Everything Everywhere or Three.

BlackBerry devices, which forward traffic through their own servers, also appear unaffected by the problem.

One Twitter user said: “I’m outraged this even happened.@O2 need to both fix this quick, AND explain why they decided to volunteer our numbers in the first place.”

Online reports suggest O2 is trying to deal with the problem, however a test by Mobile News this morning (Jan 25) appeared to show that a Nokia Lumia 800 on O2 was still sending phone number information in the header.