Wednesday, January 25, 2012

O2 data breach potentially shares your cellphone number with the world

O2 data breach potentially shares your cellphone number with the world
There's an alarming rumor circulating that suggests that UK network O2 forwards your phone number to any website visited on a smartphone. Lewis Peckover built a site that displays the header data sent to sites you visit, finding a network-specific field called "x-up-calling-line-id" which displayed his number. Angry users who tested the site have flooded the company's official Twitter, which is currently responding with:

"Security is our top most priority, we're investigating this at the moment & will come back with more info as soon as we can."

The Next Web confirmed that Orange, T-Mobile and Vodafone numbers are unaffected by the issue, but GiffGaff and Tesco Mobile (both MVNOs that operate on the same network) do. TNW's sources say it's most likely an internal testing setup, while Mr. Peckover suggests it's because the network transparently proxies HTTP traffic, using the number as a UID.

Update: We received confirmation from O2, who said that it was "investigating with internal teams and it's our top priority." Slashgear and Think Broadband were unable to replicate the problem, but in our tests (pictured) it was sharing our data with the site.

Update 2: Consumer magazine Which? contacted UK privacy watchdog, the Information Commissioner's Office which offered the following:

"Keeping people's personal information secure is a fundamental principle that sits at the heart of the Data Protection Act and the Privacy and Electronic Communications Regulations. When people visit a website via their mobile phone they would not expect their number to be made available to that website.

We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed."

We'll let you draw your own conclusions from that one, but it's not shaping up to be a good day for the company (or its users).

O2 data breach potentially shares your cellphone number with the world originally appeared on Engadget on Wed, 25 Jan 2012 04:54:00 EDT. Please see our terms for use of feeds.

Permalink The Next Web  |  sourceLewis Peckover  | Email this | Comments


Source: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/8DLBCbUJnH4/

doj department of justice dept of justice weather chicago swizz beatz mpaa south carolina debate

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.