O2 UK appears to fix flaw that sent phone numbers by web
updated 11:15 am EST, Wed January 25, 2012
O2 UK quietly sorts phone number leak debacle
O2 UK quietly solved, or at least mitigated, a major security breach on Wednesday. Following a discovery by Lewis Peckover that O2 was sending mobile subscribers' phone numbers in the clear through their web browser user agent, O2 claimed that the problem was cleared up. The company explained that it normally sent phone number information to "certain trusted partners" for age verifications and carrier billing, but this information had started going out to other sites by accident.
Changes during "routine maintenance" on January 10 had accidentally exposed more of the information, O2 said. Those on Wi-Fi weren't affected, since they weren't directly using O2's cellular network.
The company was aware of an Information Commissioner investigation and was working with both the commission and UK regulator Ofcom.
While quickly coming to a close, the two-week incident was potentially serious. Any site that scanned or kept web logs, primarily from Android and iPhone users, could have had access to large numbers of British phone numbers. Although the numbers were not directly attached to accounts, searches online could likely turn up other personal information, or the numbers could lead to unwanted spam calls and texts.






