O2 Giving out phone numbers?

Fegruson · 25 Jan 2012 at 14:04

janp said:
If anyone else wants to complain, I've been told to email [email protected], including Complaint in the subject line.

I'll post this again in this thread as there are more people viewing this.

Anybody reckon this is worthy enough of getting out of a contract early?

Dj_Jestar · 25 Jan 2012 at 14:24

T-Mobile sold my number about 5 years ago. So I switched to O2, and now they've gone and done this

Some of the texts I've been getting are diabolically explicit, too. And I don't even browse porn on my phone

Glaucus · 25 Jan 2012 at 14:29

I think it's safe to say that with MPs and othe governing bodies wading in, then O2 will fix this.

Mike UK · 25 Jan 2012 at 14:41

O2 have fixed this one.

http://www.theregister.co.uk/2012/01/25/o2_stop_phone_number_leak/

King Damager · 25 Jan 2012 at 15:07

Mike UK said:
O2 have fixed this one.

http://www.theregister.co.uk/2012/01/25/o2_stop_phone_number_leak/

Can confirm the original site no longer displays my number.

Does Phone Model, Language set and Browser being used.

kd

Freakbro · 25 Jan 2012 at 16:01

Wow, that didn't take long!

Radio now reporting o2 say they have fixed the issue

Archy · 25 Jan 2012 at 16:06

Dj_Jestar said:
Some of the texts I've been getting are diabolically explicit, too. And I don't even browse porn on my phone

Same boat here. Had about 6 or 7 from the one place, all explicit. Never visited a porn site on my phone ever though!

Edit: Official press release here

O2 mobile numbers and web browsing

Security is of the utmost importance to us and we take the protection of our customers' data extremely seriously.

We have seen the report published this morning suggesting the potential for disclosure of customers' mobile phone numbers to website owners.

We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused.

Below is a set of Q&As, to answer questions we've been receiving. If you have further questions, do leave them in the blog comments and we will do our best to answer as many as possible.

Q: What's happened with O2 mobile numbers when I browse the internet on my mobile?

A: Every time you browse a website (via mobile or desktop), certain technical information about the machine you are using, is passed to website owners. This happens across the internet, and enables website owners to optimise the site you see. When you browse from an O2 mobile, we add the user's mobile number to this technical information, but only with certain trusted partners. This is standard industry practice. We share mobile numbers with selected trusted partners for 3 reasons: 1) to manage age verification, which manages access to adult content, 2) to enable third party content partners to bill for premium content such as downloads or ring tones that the customer has purchased 3) to identify customers using O2 services, such as My O2 and Priority Moments. This only happens over 3G and WAP data services, not WiFi.

Q: How long has this been happening?

A: In between the 10th of January and 1400 Wednesday 25th of January, in addition to the usual trusted partners, there has been the potential for disclosure of customers' mobile phone numbers to further website owners.

Q: Has it been fixed?

A: Yes. It was fixed as of 1400 on Wednesday 25th January 2012.

Q: Which of my information can website owners access?

A: The only information websites had access to is your mobile number, which could not have been linked to any other identifying information we have about customers.

Q: Why did this happen?

A: Technical changes we implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site.

Q: Which customers were affected?

A: It affected customers accessing the internet via their mobile phone on 3G or WAP services, but not WIFI, between 10th of January and 1400 on Wednesday the 25th of January.

Q: Which websites do you normally share my mobile number with?

A: Only where absolutely required by trusted partners who work with us on age verification, premium content billing, such as for downloads, and O2's own services, have access to these mobile numbers.

Q: The Information Commissioner said he is investigating - what are you doing as part of this?

A: We are in contact with the Information Commissioner's office, and we will be co-operating fully. We have also contacted OFCOM.

Dj_Jestar · 25 Jan 2012 at 16:06

I've emailed O2 to see what they'll do about the fact my number has already been "released."

I'm absolutely furious about it

v0n · 25 Jan 2012 at 23:24

O2 FAQ up qui pro quo said:
Q: Which websites do you normally share my mobile number with?

A: Only where absolutely required by trusted partners who work with us on age verification, premium content billing, such as for downloads, and O2's own services, have access to these mobile numbers.

Oh no you di'n't. Not without us giving you specific permission to EVERY TIME. Are you kidding me? You do it ALL THE TIME for some (air quotes on)trusted partners(air quotes off)?

Glaucus · 25 Jan 2012 at 23:31

O2 are going to get spanked by the commission.

No where in T&Cs do they say they will pass on are numbers to trusted 3rd parties.
I hope they are hit with a massive fine. Its about time companies where accountable for our data.
I also hope the EU legislation is pushed through, with maximum fine being 2% of gross global turnover. That should scare companies into spending money on securing our data.

http://www.guardian.co.uk/technology/2012/jan/25/o2-data-users-numbers-websites
*
Mobile operator O2 has admitted that it regularly hands over subscribers' phone numbers to sites that offer age-restricted material and premium-rate billing, whether the users realise it or not.

"It looks like I don't get to make the decision about whether to share my phone number with those sites," said Graham Cluley, security consultant with the online security firm Sophos. "I don't see why. If I'm on a site and they need to know my phone number before I can proceed, why can't I decide whether I let them see my number? If I don't agree, they can stop me proceeding."

O2 did not respond to requests for clarification on its policy. The Guardian could not find any clauses in its web and WAP policy or its general terms and conditions that suggest it shares subscribers' mobile numbers.

zain · 25 Jan 2012 at 23:52

A good concern raised, when I read this last night it answered some questions and worried me!

Glad they fixed it so quick, bet it was easy!

v0n · 25 Jan 2012 at 23:57

What's worse - even if one actually exists in small print somewhere - the O2's "premium partner" policy seems to affect completely unaware "backbone" third party users - Tesco mobile, Giff Gaff etc. That's just criminal.

Dj_Jestar · 26 Jan 2012 at 00:03

Do other providers have this in their T&Cs? I just so happen to work alongside SMS Aggregators and the like, and it is very much common practice to send mobile numbers to premium content sites, without need to have it in T&Cs because telephone numbers (when sent on their own, i.e. without name/address) don't fall under private data.