In what appears to be a shocking breach of privacy, reports are indicating that UK British cellphone carrier O2 is sending a customer’s mobile number to every website they visit on their phone.
Lewis Peckover unearthed the problem this week, and so far it seems that it’s not just O2 customers affected – phone numbers are also being shared by O2’s Mobile Virtual Network Operators (MVNO), GiffGaff and Tesco Mobile.
The mobile numbers are included in easily-readable HTTP header traffic, and to see if you’re affected, browse to this website – remember to disable wifi on your device, and don’t use a proxying browser like opera mini.
Other networks like Orange, Three and Vodafone are unaffected.
While Twitter users have exploded in anger at the news, O2 say they are “investigating this at the moment and will update everyone as soon as [it] can.”
Are you affected?
Check your number here or use this general privacy checker.
For more info, read this article on the Sophos security site: Is your smartphone telling every website you visit your telephone number?
Update: O2 has apparently fixed the loophole.
[Via]
scary…
I just got a call from a Manchester number saying it was about “my o2 phone upgrade”…yeah right
I told them my number was registered on the TPS and they better check their databases to avoid getting whomped by the Data Protection Agency