Mobile users’ phone numbers are being leaked to every website they visit because of a security glitch, it has been claimed.
Research by a British IT expert suggests that the operator O2 sends its customers’ numbers to website they access on their smartphones along with the information the sites need to decide how to properly display on different computers and phones.
Lewis Peckover, a 28-year-old web systems administrator, found the issue on Tuesday after experimenting with his own phone. He said that it could affect other networks but added that not every O2 customer was affected. Individual websites would choose whether or not to store the information, once it is received.
Sophos’ online security expert Graham Cluley said the problem first emerged two years ago but nothing has been done to solve it. He said: “It's hard to understand why a mobile phone network operator would think it is necessary to transmit their customers' mobile phone numbers to the website they visit. My guess is that it's more likely to be a cock-up than malice which caused this data to be leaked - but what's worse is that the problem is still present almost two years after it was first discovered.
“It's certainly easy to imagine how the information could be abused - for instance, if your mobile phone number is scooped up, it could then be used to SMS text spam you.”
An O2 spokesman said: “we are investigating the reports and will provide updates as soon as possible.”