O2 UK has blamed a technical change for inadvertently making customers’ mobile phone numbers available to website owners. The issue was reported yesterday by web systems administrator Lewis Peckover, who demonstrated the problem online.
Although certain technical information about the mobile browser is always passed to website owners, O2 had chosen to add a customer’s mobile number to this data for certain “trusted partners”. This enabled age verification and operator billing, for example.
However, a technical change two weeks ago had led to the user’s O2 mobile number being made available to all websites. The problem has now been fixed and O2 has assured customers that no other information was passed on.
The basic issue was in the headlines two years ago; Collin Mulliner presented details of his security concerns at the 2010 CanSecWest conference.
[O2 blog; TheFonecast.com article from 2010]