Earlier today, we posted a report from TNW that showed UK carrier O2, had been transmitting phone numbers to every website visited via their 2G or 3G network.
After the backlash on Twitter, O2 acknowledged and fixed the issue at 2pm GMT today, followed by an apology on their blog, including a Q&A to explain exactly what happened and who was affected.
We have seen the report published this morning suggesting the potential for disclosure of customers’ mobile phone numbers to website owners. We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused.
The issue occurred after a routine maintenance update on January 10th, that accidentally sent user phone numbers to website hosts, along with the standard log of technical information required from the device.
Q: Why did this happen? A: Technical changes we implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site.
Technical information is normally sent to websites so that servers can deliver a 'device-optimised' experience. Carriers add your phone number to this information, when sending data to 'trusted partners', to enable services that require; age verification, premium-content billing, and carrier specific services.
It seems that O2 have fixed the problem now, but after 15 days... is it too little, too late?
Source: O2 Blog