O2 Privacy Flaw Sends Users' Mobile Numbers to Visited Websites

o2 logoAs noted by think broadband, a privacy flaw in the way UK carrier O2 handles web traffic on mobile devices has resulted in users' mobile numbers being sent to any website visited from the device as part of the headers in the HTTP requests. While O2 is apparently still investigating the situation, it appears to have the potential for significant privacy-related issues.

If you're reading this news article using your O2 mobile phone, you'll be pleased to know that O2 have already sent us your mobile phone number within the HTTP headers which normally contain information about how content can be displayed on your device. These headers are not normally seen by users, and usually not logged by most websites, but the flaw allows malicious sites to get more personal information about you than you may be willing to share.

For example, if you open an e-mail which includes references to external images, the mere action of opening the e-mail would divulge your phone number. This could be used by anyone undertaking a phishing attack or other scam to get more information from you. The opportunity to abuse this is potentially endless.

The issue was discovered by Twitter user @lewispeckover, who then set up a website to allow users to see what headers are being sent as part of their HTTP requests to websites.

He now notes that the headers coming from his device appear to have stopped showing his mobile phone number, although O2 has yet to issue an official statement on the matter. The company's Twitter account is continuing to blast out responses to concerned users, noting only that the company is looking into the situation and will issue an update when it knows more.

The issue is not exclusive to the iPhone and has the potential to affect all mobile data on the second-largest carrier in the UK, although some users have reported that they are not seeing their mobile numbers appearing in their HTTP request headers. The issue has the potential to for a significant impact on UK iPhone users, as O2 has proven to be a popular choice for iPhone users dating back to its status as the exclusive iPhone carrier in the UK when the device originally launched back in 2007.

Those familiar with the UK's privacy laws have indicated that mobile phone numbers are not considered protected information, but the disclosure of such numbers as part of standard HTTP requests does have the potential to carry implications for users.

Popular Stories

2024 iPhone Boxes Feature

Apple Changes Trade-In Values for iPhones, iPads, Macs, and More

Thursday January 16, 2025 6:45 am PST by
Apple today adjusted estimated trade-in values for select iPhone, iPad, Mac, and Apple Watch models in the U.S., according to its website. Some values increased, while others decreased. The changes were not too significant, with most values rising or dropping by $5 to $50. We have outlined some examples below: Device New Value Old Value iPhone 15 Pro Max Up to $630 U ...
Generic iOS 19 Feature Mock Light

iOS 19 Leak Reveals All-New Design

Friday January 17, 2025 2:42 pm PST by
iOS 19 is still around six months away from being announced, but a new leak has allegedly revealed a completely redesigned Camera app. Based on footage it obtained, YouTube channel Front Page Tech shared a video showing what the new Camera app will apparently look like, with the key change being translucent menus for camera controls. Overall, the design of these menus looks similar to...
Generic iOS 18

Everything New in iOS 18.3 Beta 3

Thursday January 16, 2025 12:39 pm PST by
Apple provided the third beta of iOS 18.3 to developers today, and while the betas have so far been light on new features, the third beta makes some major changes to Notification Summaries and also tweaks a few other features. Notification Summary Changes Apple made multiple changes to Notification Summaries in response to complaints about inaccurate summaries of news headlines. For...
iPhone 17 Slim Feature Single Camera 1 Redux

'iPhone 17 Air' Launching Later This Year With These 10 New Features

Wednesday January 15, 2025 7:16 am PST by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the "ultra-thin" device. Overall, the "iPhone 17 Air" is shaping up to be a mixed bag. Due to its thinness, the device is expected to have some limited specifications compared to the iPhone 17 Pro models, including only a single rear camera, only a single speaker, no SIM...
iPhone 17 Pro Dual Tone Horizontal Single Feature

iPhone 17 Rumored to Feature Major Thermal Design Upgrade

Friday January 17, 2025 4:33 am PST by
The iPhone 17 lineup will feature a vapor chamber heatsink to improve thermal performance, according to a new report. The news comes from Chinese tech news site MyDrivers, which claims that the entire iPhone 17 lineup, consisting of the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max, will adopt the improved thermal heat spreader. Vapor chamber technology is already used...
iPad Pro vs iPhone 17 Air Feature

Here's How Thin the iPhone 17 Air Might Be

Friday January 17, 2025 3:38 pm PST by
For the last several months, we've been hearing rumors about a redesigned version of the iPhone 17 that Apple might call the iPhone 17 "Air," or something along those lines. It's going to replace the iPhone 17 Plus as Apple's fourth iPhone option, and it will be offered alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. We know the iPhone 17 Air is going to be super slim, but...
HomePod mini and Apple TV

Apple Expected to Launch 20+ Products This Year: Here's the Full List

Friday January 17, 2025 5:30 am PST by
2025 promises to be quite a big year for Apple, with the company rumored to be planning more than 20 product announcements this year. Apple's rumored smart home hub will be its second all-new product to launch in as many years, following the Apple Vision Pro headset last year. And of course, we will get several new iPhone and Apple Watch models, like every year. Beyond that, Apple could...
iOS 19 Alleged Camera App Render

iOS 19 Rumored to Feature Redesigned Camera App Inspired by visionOS

Friday January 17, 2025 1:48 pm PST by
iOS 19 will feature a redesigned Camera app inspired by visionOS, according to a new video from Jon Prosser, host of the YouTube channel Front Page Tech. A re-created render of iOS 19's redesigned Camera app (Credit: Front Page Tech) Prosser obtained video of the alleged new Camera app, but he elected to share his own re-created images to protect his sources. The images reveal that the app...

Top Rated Comments

Elijahg Avatar
170 months ago
I've really not been impressed by O2 in recent years. I first joined them in 2006, but ever since then, their network coverage in the 20 mile radius of here (near Bath) hasn't improved one bit. The 3G coverage is absolutely awful. If you aren't in a major town or a city, you have no chance of 3G with O2, only dial-up speed GPRS. Not even EDGE in most cases.

Everything Everywhere are very good, but Three (in the south of England at least) are best by far for 3G coverage.

Perhaps if O2 spent more money on, well, being a service provider and improving their network, rather than all that "priority moments" crap, they might increase their 3G coverage.
Score: 6 Votes (Like | Disagree)
Elijahg Avatar
170 months ago
Not so in my o2 account with an iPhone using iOS 5.0.1 via Safari.

It wasn't inserted into the user agent, it was a separate header: "x-up-calling-line-id".
Score: 4 Votes (Like | Disagree)
japanime Avatar
170 months ago
The "O" is for "Oops!"
Score: 4 Votes (Like | Disagree)
0098386 Avatar
170 months ago
I'm appalled they let this in.

I'm thrilled they fixed it so quickly.

I'm going to treat o2 with a bit more suspicion from here on out.
Score: 2 Votes (Like | Disagree)
The Phazer Avatar
170 months ago
I am now intrigued though as to who the "trusted partners" are. O2 themselves and BT Openzone are the only ones I can think of.

One is Bango, the company that runs O2's adult verification software and thought sending credit card numbers in plaintext over http was a good idea.

O2 might "trust" them. I don't.

Phazer
Score: 2 Votes (Like | Disagree)
4D4M Avatar
170 months ago
I'm perfectly happy with O2, I've found the coverage decent and I don't get loads of junk text messages from them like I did from Vodafone*. This latest gaffe is a bit annoying, but whatever, as a business owner my details are well and truly 'out there' for all the lowlife to exploit anyway. Bring it on scumbags.

*The junk texts don't stop when you leave Vodafone. The other day I received a text that said "Come back to Vodafone and we'll give you a free Windows 7 laptop". If there's one thing that would be guaranteed to STOP me going back to them, it's the threat of a crappy low end piece of junk with a crappy low end OS turning up at my house.
Score: 2 Votes (Like | Disagree)