O2 admits privacy breach has lasted two weeks


Operator says it has fixed problem which shared numbers with any website visited from an O2 phone, which it says was caused by  “routine maintenance” work carried out on January 10

O2 has admitted that a technical fault has led to O2 customers revealing their mobile numbers to any website they visited from their O2 device for the last two weeks.

The operator says that as of 2PM January 25 it has fixed the fault, which has been exposing user’s mobile numbers since January 10.

Yesterday (January 24) a London-based programmer called Lewis Peckover revealed that O2 handsets were including user customer numbers in “header” information that all devices send to websites.

This information is designed to help websites optimise pages for specific devices and operating systems, but does not normally carry identifying information such as a user’s mobile number.

O2 said that it as standard it shares mobile numbers only with “certain trusted partners” that O2 cooperates with in areas such as age verification or billing, but that an error had led to this information being transmitted far more widely.

O2 said that sharing numbers with selected partners was a standard practice across the industry.

However, neither Three, Vodafone or EVerything Everywhere were affected. BlackBerry users also apparently avoided

An official O2 blog said: “Technical changes we implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site.”

An O2 spokesperson added: “We would like to apologise for the concern we have caused.”

O2 said it was cooperating with an investigation by the Information Commissioner’s Office, and was in contact with regulator Ofcom.