This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/go/rss/int/news/-/news/technology-16725531
The article has changed 3 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| O2 apology for disclosing mobile phone numbers online | O2 apology for disclosing mobile phone numbers online |
| (about 17 hours later) | |
| O2 has apologised for a technical problem which caused users' phone numbers to be disclosed when using its mobile data. | O2 has apologised for a technical problem which caused users' phone numbers to be disclosed when using its mobile data. |
| The company said it normally only passed numbers to "trusted partners". | The company said it normally only passed numbers to "trusted partners". |
| A problem during routine maintenance meant that from 10 January numbers could have been seen by other websites. | A problem during routine maintenance meant that from 10 January numbers could have been seen by other websites. |
| "We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused," the company said. | "We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused," the company said. |
| The Information Commissioner's Office had said that it would speak to O2 "to better understand what has happened". | The Information Commissioner's Office had said that it would speak to O2 "to better understand what has happened". |
| In a blog post the company said: "We are in contact with the Information Commissioner's office, and we will be co-operating fully." | In a blog post the company said: "We are in contact with the Information Commissioner's office, and we will be co-operating fully." |
| The company also said it had contacted the telecoms regulator Ofcom. | The company also said it had contacted the telecoms regulator Ofcom. |
| Unintended consequences | Unintended consequences |
| Lewis Peckover, a system administrator for a mobile gaming company, flagged up the issue on Tuesday. | Lewis Peckover, a system administrator for a mobile gaming company, flagged up the issue on Tuesday. |
| To demonstrate the flaw, he set up an online script which allows users to see if their number is revealed. | To demonstrate the flaw, he set up an online script which allows users to see if their number is revealed. |
| He said he was "absolutely shocked" by the discovery. | He said he was "absolutely shocked" by the discovery. |
| O2 said the problem was a temporary issue which arose during routine maintenance | O2 said the problem was a temporary issue which arose during routine maintenance |
| "Technical changes we implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site," the company wrote. | "Technical changes we implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site," the company wrote. |
| However, the company added that it had previously disclosed this information, but only when "absolutely required by trusted partners". | However, the company added that it had previously disclosed this information, but only when "absolutely required by trusted partners". |
| "When you browse from an O2 mobile, we add the user's mobile number to this technical information, but only with certain trusted partners." | "When you browse from an O2 mobile, we add the user's mobile number to this technical information, but only with certain trusted partners." |
| The company said this was needed to manage "age verification, premium content billing, such as for downloads, and O2's own services". | The company said this was needed to manage "age verification, premium content billing, such as for downloads, and O2's own services". |
| However the technical glitch meant the sharing went further it said: "In addition to the usual trusted partners, there has been the potential for disclosure of customers' mobile phone numbers to further website owners." | However the technical glitch meant the sharing went further it said: "In addition to the usual trusted partners, there has been the potential for disclosure of customers' mobile phone numbers to further website owners." |
| It said that the problem potentially "affected customers accessing the internet via their mobile phone on 3G or WAP services, but not wi-fi". | It said that the problem potentially "affected customers accessing the internet via their mobile phone on 3G or WAP services, but not wi-fi". |
| Trusted partners | Trusted partners |
| O2 said that the limited sharing of numbers was "standard industry practice". | O2 said that the limited sharing of numbers was "standard industry practice". |
| In a statement Everything Everywhere confirmed: "When Orange and T-Mobile customers use their mobile phones for general web browsing no customer information, such as mobile phone numbers, is shared with the website. | In a statement Everything Everywhere confirmed: "When Orange and T-Mobile customers use their mobile phones for general web browsing no customer information, such as mobile phone numbers, is shared with the website. |
| "As is the case with all mobile operators in the UK, Orange and T-Mobile customers can visit a small number of trusted partner websites where transactions can take place, such as purchasing ringtones. In order to complete the purchase or download customers pay via their Orange and T-Mobile accounts and hence mobile phone numbers have to be made available to these sites." | "As is the case with all mobile operators in the UK, Orange and T-Mobile customers can visit a small number of trusted partner websites where transactions can take place, such as purchasing ringtones. In order to complete the purchase or download customers pay via their Orange and T-Mobile accounts and hence mobile phone numbers have to be made available to these sites." |
| In a statement Vodafone said it pursued a similar policy adding that it only shared numbers with approved Vodafone UK partners who were "subject to security checks to ensure they conform to our stringent requirements around protecting our customers' privacy". | In a statement Vodafone said it pursued a similar policy adding that it only shared numbers with approved Vodafone UK partners who were "subject to security checks to ensure they conform to our stringent requirements around protecting our customers' privacy". |
| Questions | Questions |
| Mr Peckover had told the BBC he would be making a formal complaint to the Information Commissioner's Office about O2. | Mr Peckover had told the BBC he would be making a formal complaint to the Information Commissioner's Office about O2. |
| "I don't want sites to match up all my requests and potentially call me and talk to me about them," he said. | "I don't want sites to match up all my requests and potentially call me and talk to me about them," he said. |
| The Information Commissioner's Office said: "When people visit a website via their mobile phone they would not expect their number to be made available to that website. | The Information Commissioner's Office said: "When people visit a website via their mobile phone they would not expect their number to be made available to that website. |
| "We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed." | "We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed." |
| One business owner who checked his servers' logs told the BBC that he had discovered that they contained hundreds of mobile phone numbers. | One business owner who checked his servers' logs told the BBC that he had discovered that they contained hundreds of mobile phone numbers. |
| Nick Halstead, of Tweetmeme, said that he was concerned that advertisers could make use of the information. | Nick Halstead, of Tweetmeme, said that he was concerned that advertisers could make use of the information. |
| "This would be very valuable to them. I think it's a matter of massive concern," he said. | "This would be very valuable to them. I think it's a matter of massive concern," he said. |
| "They could now know not just your phone number, but all the websites that you visit, and so target you." | "They could now know not just your phone number, but all the websites that you visit, and so target you." |
| Customer anger | Customer anger |
| News of the discovery spread rapidly on Twitter. | News of the discovery spread rapidly on Twitter. |
| One Twitter user wrote: "I'm outraged this even happened. @O2 need to both fix this quick, AND explain why they decided to volunteer our numbers in the first place." | One Twitter user wrote: "I'm outraged this even happened. @O2 need to both fix this quick, AND explain why they decided to volunteer our numbers in the first place." |
| Another tweeted: "Woah - @O2 users' mobile numbers are being beamed to every website - and ad server - they access? That's... not good." | Another tweeted: "Woah - @O2 users' mobile numbers are being beamed to every website - and ad server - they access? That's... not good." |
| O2 said it "would like to apologise for the concern we have caused". | O2 said it "would like to apologise for the concern we have caused". |
| There is no evidence that other networks had experienced similar problems. | There is no evidence that other networks had experienced similar problems. |