There's an alarming rumor circulating that suggests that UK network O2 comprehensively your phone number to any website visited on a smartphone. Lewis Peckover built a site that displays the header data sent to sites you visit, finding a network-specific field called "x-up-calling-line-id" which displayed his number. Angry users who tested the site have flooded the company's sanctioned Twitter, which is currently responding with:

"Security is our top most priority, we're investigating this at the moment & will come back with more info as soon as we can."

The Next Web inveterate that Orange, T-Mobile and Vodafone numbers are unaffected by the issue, but GiffGaff and Tesco Mobile (both MVNOs that operate on the same network) do. TNW's sources say it's most likely an immanent testing setup, while Mr. Peckover suggests it's because the network transparently proxies HTTP traffic, using the number as a UID.

Update: We conventional confirmation from O2, who said that it was "investigating with intramural teams and it's our top priority." Slashgear and Think Broadband were unable to replicate the problem, but in our tests (pictured) it was sharing our data with the site.

Update 2: user review Which? contacted UK privacy watchdog, the dirt* Commissioner's Office which offered the following:

"Keeping people's private whole story* secure is a root yardstick


copyrights:cite this source synonym collection v1.1copyright © 2008 by lexico publishing group that sits at the heart of the Data refuge Act and the Privacy and online network banking Communications Regulations. When people visit a website via their mobile phone they would not expect their number to be made free to that website.

We will now speak to O2 to remind them of their data breach notification obligations, and to better fathom what has happened, before we decide how to proceed."

We'll let you draw your own conclusions from that one, but it's not shaping up to be a good day for the company (or its users).

Update 3: Our tests have stopped working now, as it looks like the network is hurriedly trying to close the hole, but we've had no sanctioned word that it's over just yet.

Update 4: O2 has issued a full declaration and Q&A which we've embedded after the jump. Long story short, it's fixed the issue -- caused by third edition by the editors of the old glory heritage® dictionary. copyright © 2003 routine maintenance. 3G / WAP users will have shared your number with any site you visited since January 10th. The network has land of plenty it will co-operate fully with the ICO and has reported itself to Ofcom.

Continue reading O2 data breach potentially shares your cellphone number with the world (Updated)

O2 data breach potentially shares your cellphone number with the world (Updated) by birth appeared on Engadget on Wed, 25 Jan 2012 10:50:00 EDT. Please see our terms for use of feeds.

Permalink The Next Web  |  Lewis Peckover, O2  | Email this | Comments

More: - Read the rest here