Friday, January 27, 2012

O2 data breach potentially shares your cellphone number with the world (Updated)

O2 data breach potentially shares your cellphone number with the world
There's an alarming rumor circulating that suggests that UK network O2 forwards your phone number to any website visited on a smartphone. Lewis Peckover built a site that displays the header data sent to sites you visit, finding a network-specific field called "x-up-calling-line-id" which displayed his number. Angry users who tested the site have flooded the company's official Twitter, which is currently responding with:

"Security is our top most priority, we're investigating this at the moment & will come back with more info as soon as we can."

The Next Web confirmed that Orange, T-Mobile and Vodafone numbers are unaffected by the issue, but GiffGaff and Tesco Mobile (both MVNOs that operate on the same network) do. TNW's sources say it's most likely an internal testing setup, while Mr. Peckover suggests it's because the network transparently proxies HTTP traffic, using the number as a UID.

Update: We received confirmation from O2, who said that it was "investigating with internal teams and it's our top priority." Slashgear and Think Broadband were unable to replicate the problem, but in our tests (pictured) it was sharing our data with the site.

Update 2: Consumer magazine Which? contacted UK privacy watchdog, the Information Commissioner's Office which offered the following:

"Keeping people's personal information secure is a fundamental principle that sits at the heart of the Data Protection Act and the Privacy and Electronic Communications Regulations. When people visit a website via their mobile phone they would not expect their number to be made available to that website.

We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed."

We'll let you draw your own conclusions from that one, but it's not shaping up to be a good day for the company (or its users).

Update 3: Our tests have stopped working now, as it looks like the network is hurriedly trying to close the hole, but we've had no official word that it's over just yet.

Update 4: O2 has issued a full statement and Q&A which we've embedded after the jump. Long story short, it's fixed the issue -- caused by accidental routine maintenance. 3G / WAP users will have shared your number with any site you visited since January 10th. The network has promised it will co-operate fully with the ICO and has reported itself to Ofcom.

Continue reading O2 data breach potentially shares your cellphone number with the world (Updated)

O2 data breach potentially shares your cellphone number with the world (Updated) originally appeared on Engadget on Wed, 25 Jan 2012 10:50:00 EDT. Please see our terms for use of feeds.

Permalink The Next Web  |  sourceLewis Peckover, O2  | Email this | Comments

Source: http://www.engadget.com/2012/01/25/o2-data-breach/

aurora borealis s.978 larry ellison go ask alice go ask alice john mccarthy john mccarthy

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.