O2 Data Breach: Your Mobile Number Shown to EVERY Website You’ve Visited

Today a rather alarming rumor about a data breach that suggests that the UK’s biggest network O2-UK forwards your phone number to any website that you have visited your smartphone.

Lewis Peckover built a site that displayed the header data sent to sites that you visit and found a network-specific field called “x-up-calling-line-id” which displayed his mobile number. He then tweeted this and it lend to angry users who tested the site having there number reveled. These people have flooded the company’s official Twitter, which is currently responding with:

“Security is our top most priority, we’re investigating this at the moment & will come back with more info as soon as we can.”

It has been confirmed that it’s only O2 who are effected by this issue. The issue comes around as O2 transparently proxies HTTP traffic, using the number as a UID. 

The Information Commissioner’s Office has said the following:

“Keeping people’s personal information secure is a fundamental principle that sits at the heart of the Data Protection Act and the Privacy and Electronic Communications Regulations. When people visit a website via their mobile phone they would not expect their number to be made available to that website.

We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s