Few hours back we reported that UK Carrier O2 was sending customer phone numbers in the header information to every website they visited, which had raised serious privacy concerns.
Immediately after posting the article, O2 had tweeted to tell us that they were looking into the issue on priority. They’ve just published a blog post to confirm the issue has been fixed and has provided the more information about the incident.
Security is of the utmost importance to us and we take the protection of our customers’ data extremely seriously.
We have seen the report published this morning suggesting the potential for disclosure of customers’ mobile phone numbers to website owners.
We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused.
According to O2, the incident occurred due to a bug that was introduced when they made some technical changes on January 10th as part of a routine maintenance.
The issue affected O2 customers accessing websites on their mobile phone on O2’s 3G network or were using their WAP services.
O2 has also revealed that they share customer mobile numbers with some of the their trusted partners.
Q: Which websites do you normally share my mobile number with?
A: Only where absolutely required by trusted partners who work with us on age verification, premium content billing, such as for downloads, and O2’s own services, have access to these mobile numbers.
You can check out the entire blog post along with the FAQ about the bug on O2’s blog.