The Register® — Biting the hand that feeds IT

Feeds

O2 apologizes for 'unintended' number-leak cockup

Will cooperate with Information Commissioner's probe

By Iain Thomson in San Francisco, 25th January 2012
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

O2 has issued a public apology for leaking the phone numbers of some 3G customers in header information sent to website managers.

“We would like to apologize for the concern we have caused,” the company said in a statement.

The cellco said it was standard industry practice to send out user’s phone number information in this way to “certain trusted partners”, (as El Reg has pointed out) but blamed a botched maintenance job on January 10 for the data spillage. O2 said it had plugged the leak as of 14:00 GMT Wednesday.

“Technical changes we implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site,” it explained.

The UK's Information Commissioner is looking into the incident, and O2 said it had been in contact and would cooperate fully with any inquiry. It has also made a call to Ofcom to offer what one would assume to be a grovelling apology.

The problem occurred with O2 bundling in phone numbers of 3G users to websites that were visited – but this didn’t affect Wi-Fi users. The number appeared in an x-up-calling-line-id line and was storable by the site, although there are no reports yet of anyone being contacted. ®

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

COMMENTS

House Rules Send Corrections
All Reader Comments (22)
Highly Rated
Anonymous Coward
Anonymous Coward

So, Phorm's offspring has gone mobile, then?

Given that Phorm-style technology can work both ways, a careful read of the article would seem to indicate so: According to the article, O2 customers who were surfing the web on their phones via Wi-Fi were not affected, but those who were surfing through the O2 network were affected.

Given that two given HTTP requests to identical static URLs/pages hosted by the same web server should be semantically identical, the fact that they are not indicates that O2 is doing some on-the-fly request header rewriting.

So if O2 is rewriting outgoing requests, how do we know that it's not rewriting inbound responses?

7
1
Studley

"Unintended" (alternative definition)

"We didn't mean to get found out"

4
0
Wize

So they do intend to give your number to certain people...

...just that they were caught doing it.

4
0

More from The Register

1,000 O2 staff chose redundancy over Capita
Betrayal, or just decent terms?
48
Google launches broadband balloons, radio astronomy frets
A careless Loon could blind the square kilometre array
45
breaking news
Pttow! Ofcom kicks hams out of MoD bands
Geet off my land, you, you ... 'secondary user'
30
breaking news
Now you can use your phone instead of your wallet at the ATM, too
Blimey, these little paper towels out of the vending machine are really expensive
47
breaking news
UK.gov's £530m bumpkin broadband rollout: 'Train crash waiting to happen'
Whitehall whispers of damning watchdog report next month
30
breaking news
MySpace zaps millions of teens' tearful rants, causes wave of angst
'Your crappy redesign SUCKS, I wanna read my blogs' screech users
53
breaking news
Microsoft Office 365 on iPhone NOW: No, we're not making this up
Word, Excel, Powerpoint for your pocket-stroker
83
Vodafone Oz launches '100 Mbps' 4G service
Nice speed if you can get it
7
breaking news
Clearwire board to shareholders: Go on, grab that Dish cash
Sprint looks on in dismay
3
EU signs off on eCall emergency-phone-in-every-car plan
GPS and a mobe in every car - do you suppose the NSA would fancy that?
100