Skip to main content

O2 caught sharing customers mobile phone number with websites

Broadband news website has published an article that details O2 is passingthe phone number of their customers to every website visited, when that user on their network access the internet from a handset.

Thinkbroadband's post goes on to mention that O2 sends this information within the HTTP headers, which normally contains information about how content can be displayed on the device.

"These headers are not normally seen by users, and usually not logged by most websites, but the flaw allows malicious sites to get more personal information about you than you may be willing to share", added the website.

The news site has stated an example, where if you open an e-mail that includes references to external images, the mere action of opening the e-mail would divulge your phone number.

This could be used by anyone undertaking a phishing attack or other scam to get more information from an O2 users. The opportunity to abuse this is potentially endless.

Apparently, this issue has since been resolved on some of the handsets tested by the website, but the Apple iPhone still shows the problem - although it is expected that O2 will quickly start to fix the issue.

However, many users have commented on the thinkbroadband story that the issue still remains, with grave concerns for security being raised.