Today a rather alarming rumor about a data breach that suggests that the UK’s biggest network O2-UK forwards your phone number to any website that you have visited your smartphone.
Lewis Peckover built a site that displayed the header data sent to sites that you visit and found a network-specific field called “x-up-calling-line-id” which displayed his mobile number. He then tweeted this and it lend to angry users who tested the site having there number reveled. These people have flooded the company’s official Twitter, which is currently responding with:
“Security is our top most priority, we’re investigating this at the moment & will come back with more info as soon as we can.”
It has been confirmed that it’s only O2 who are effected by this issue. The issue comes around as O2 transparently proxies HTTP traffic, using the number as a UID.
The Information Commissioner’s Office has said the following:
“Keeping people’s personal information secure is a fundamental principle that sits at the heart of the Data Protection Act and the Privacy and Electronic Communications Regulations. When people visit a website via their mobile phone they would not expect their number to be made available to that website.
We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed.”