UK Mobile Carrier Shared Phone Numbers With Any Website
Smartphone users in the United Kingdom are up in arms over the discovery that major wireless carrier O2 automatically transmitted customers' phone numbers to every website they visited while on the network.
Lewis Peckover, a Web systems analyst and O2 customer, detected that O2 was sharing his phone number as part of the data transmitted when establishing a connection between a user's mobile browser and the website's server, ZDNet reported.
The Information Commissioner's Office, the U.K.'s privacy authority, is investigating the infringement by O2 and whether or not the company violated the Data Protection Act by enabling a third party to identify the user.
"When people visit a website via their mobile phone, they would not expect their number to be made available to that website," the ICO said in a statement obtained by ZDNet. "We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed."
O2 took to its blog today (Jan. 25) and announced that it had fixed the problem.
"We investigated, identified and fixed it this afternoon," O2 said.
The company explained that "certain technical information about the machine you are using is passed to website owners," every time they browse the Web on their phone. O2 said it adds customers' mobile phone number to this batch of technical information, "but only with certain trusted partners."
Those trusted partners are given phone numbers "to manage age verification, which manages access to adult content; to enable third party content partners to bill for premium content such as downloads or ring tones that the customer has purchased; and to identity customers using O2 services."
The gaffe by which O2 transmitted phone numbers to every website was caused during routine maintenance on Jan. 10, and was fixed at 2 p.m. (GMT) today.
O2 assured that customers' mobile numbers could not have been linked to any other identifying information about them.
If you're worried that your smartphone is revealing your phone number to the websites you browse, turn off your phone's Wi-Fi connection, and go to this page set up by security researcher Colin Mulliner. If you see green, it means your phone is keeping your number private. If you see red, it's not.
SecurityNewsDaily tested phones from the four major U.S. carriers, and none were found transmitting the device's phone number to websites.