Mobile phone operator O2 admits some of its customers’ numbers have been exposed while they browsed the internet using their smartphones – but tells Channel 4 News the issue is now fixed.
The numbers were given to website owners when O2 customers accessed their sites on smartphones. It is normal for websites to take basic information such as what browser was used to access the website, but mobile phone numbers are not generally included in this.
The flaw was uncovered by Lewis Peckover, a system administrator for a gaming company, who said he was “shocked” by his discovery.
A spokeswoman for the Information Commissioner’s Office told Channel 4 News: “When people visit a website via their mobile phone they would not expect their number to be made available to that website.
“We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed.”
O2 has since rectified the issue, which it said was caused accidentally during routine maintenance two weeks ago, and apologised. A spokesman told Channel 4 News the technical glitch was fixed quickly.
O2 said: “We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused.”
However, in a question and answer section on the issue on its website, O2 did admit that it shares mobile numbers with “selected trusted partners” as a matter of course.
What data can website owners see?
When you access a website, you are giving a lot of information to the website provider. If you access it from a computer, it can take information like the browser you are using.
From a smartphone, it's even more - including what handset you have, whether you have recently updated your software and even how big your screen is.
Do you think this is unacceptable, or are people overreacting? Get in touch with Channel 4 News on Facebook or Twitter @channel4news.
A spokesman told Channel 4 News this was standard industry practice and only done where necessary, for three key reasons. Firstly, to manage services which require age verification to access adult content; secondly, to enable third party content providers to bill for premium content such as downloads or ring tones purchased by the customer; and thirdly to identify customers using O2 services like My O2.
He said customers who received texts from other businesses were not getting them because of this kind of number sharing, but as a result of marketing and other systems signed up to by O2 customers, such as O2 More.
While the issue was quickly fixed, it is the latest security scare to hit smartphones.
Dave Whitelegg, an IT security expert, described smartphones as a “fraudster’s paradise” on his blog, and security firm Kaspersky says the number of threats to smartphones has doubled in the past two years. You can find out more on the risks to your phone in the Channel 4 News investigation: Is your smartphone under threat from hacking?
How to protect your phone
• Update your mobile phone's operating system regularly. Most manufacturers offer one every few months.
• Think carefully about clicking on a link from someone you don't know or that is obscured by a URL shortener like Bit.ly.
• Use caution when opening an attachment.
• Consider installing a well known anti-virus system for your phone such as Kaspersky. Apple's iPhone has a more secure system than most, so there may be less need for anti-virus software.
• Create a security code to enter your phone.
• Think of your phone as a computer, not just a device to make calls on.
Benjamin Cohen on Technology: Treat your phone like a PC? Then you'll need to consider viruses