O2 leaking user numbers to websites

O2 Wednesdays... clearly not as good as Orange's

O2 could be in really hot water here: it seems users' numbers are being leaked to possibly any website that requests them.

Twitter user @lewispeckover picked up the problem and created a simple website that returns the information any website could poll from a user.

The site clearly shows that the x-up-calling-line-id header (which requests the user's phone number) is in full force when accessing the site via a mobile phone - but apparently only O2 is actually sending out the information.

All and sundry

This means that, feasibly, any website could be given access to user numbers when browsed on an O2 mobile, which leads to all kinds of questions over data protection and privacy.

It's not good news for O2's partners either - it seems that GiffGaff and Tesco, which piggyback on the O2 network, are offering up the information freely as well, which is never going to go down well.

It's a tricky question over whether this is a real problem for users or if it's just a small loophole that's been exposed; there is some evidence that the information sending is intermittent and could be something as simple as an O2 proxy server gone awry.

Phishing for problems

That doesn't forgive the fact that such a thing is possible at all - if O2 does have a list of sites that it allows to curry this information, then users will want to know about this as well, and it raises the issue of how easily an email phishing scam could attract mobile number data with a relatively simple campaign.
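The article mentions both an operator proxy and a possible list of sites allowed to receive the number. The Python filter below is an added example, not O2's code or anything from the article: it shows how a proxy could strip the x-up-calling-line-id header on egress unless the destination is on an allowlist. The allowlist host, the `x-example-subscriber` header, the sample request and the phone-number heuristic are all assumptions made for illustration.

```python
import re

# Header named in the article; HTTP header names are case-insensitive.
SUBSCRIBER_HEADERS = {"x-up-calling-line-id"}
# Heuristic (assumption): an optional "+" followed by 10-15 digits looks like
# a phone number in international format.
MSISDN_RE = re.compile(r"^\+?\d{10,15}$")
# Hypothetical allowlist of hosts permitted to receive the number.
TRUSTED_HOSTS = {"billing.partner.example"}


def host_is_trusted(host, trusted=TRUSTED_HOSTS):
    """Exact match on the lower-cased host name, ignoring port and trailing dot."""
    name = host.lower().partition(":")[0].rstrip(".")
    return name in trusted


def egress_headers(headers, dest_host, trusted=TRUSTED_HOSTS):
    """Return (headers to forward, names removed) for a request to dest_host."""
    if host_is_trusted(dest_host, trusted):
        return list(headers), []
    kept, removed = [], []
    for name, value in headers:
        lname = name.lower()
        # Always drop the known header; for other non-standard "x-" headers,
        # drop them only when the value looks like a phone number, so that
        # standard numeric headers such as Content-Length are left alone.
        looks_like_number = lname.startswith("x-") and MSISDN_RE.match(value.strip())
        if lname in SUBSCRIBER_HEADERS or looks_like_number:
            removed.append(name)
        else:
            kept.append((name, value))
    return kept, removed


# Constructed sample request (the number is from a range reserved for fiction).
SAMPLE = [
    ("Host", "news.example"),
    ("User-Agent", "ExampleBrowser/1.0"),
    ("X-Up-Calling-Line-Id", "447700900123"),
    ("x-example-subscriber", "+447700900123"),  # hypothetical header name
    ("Content-Length", "1234567890"),
]

if __name__ == "__main__":
    for dest in ("news.example", "billing.partner.example:443"):
        kept, removed = egress_headers(SAMPLE, dest)
        print(dest, "-> removed:", removed)
```

Logging the `removed` list per destination also gives an operator a record of when a subscriber header would otherwise have left the network.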

In all our tests with multiple handsets and O2 accounts the number was indeed sent, which seems to prove that the problem is current and still live - although we're sure O2 is looking to shut down the issue as fast as it can whip its engineers.

TechRadar has spoken to O2 about the issue, and has unsurprisingly been told that the issue is being 'investigated as a top priority' - we'll let you know when we hear anything more.

We've also contacted all the other networks about the issue, and we'll publish their responses too.

In the meantime, if you're an O2 user then check out the site for yourself and see what happens - let us know your findings with a comment below.

Gareth Beavis