O2 in UK is sending mobile numbers in HTTP headers!

Update: O2 has fixed the problem: O2 mobile numbers and web browsing

O2 in the UK has been caught doing something very stupid. O2 subscribers browsing the web from their mobile devices over O2's mobile network are revealing their mobile number to every website they visit.

O2 is conveniently adding the mobile number as one of the HTTP headers delivered to the servers being accessed.

This problem was discovered by Lewis Peckover:

Industry analysts believe that O2 uses this mechanism to identify customers on its own web services but has accidentally turned it on for the entire web.

O2 has apparently yet to shut this off. The data has already leaked, and the problem cannot be fixed simply. Any web server accessed by an O2 subscriber would have that subscriber's personal information in its logs!
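For a site operator on the receiving end, one way to keep such numbers out of request logs is to redact them before the headers are written anywhere. The following is an added example, not code from the original post: the names in `KNOWN_MSISDN_HEADERS` are an assumed, illustrative list (the post does not say which header O2 added), `X-Example-Subscriber` is a made-up header, and the sample request is constructed.

```python
import re

# Assumption: header names some mobile gateways have used for the subscriber
# number. Illustrative only; the post does not name the header O2 added.
KNOWN_MSISDN_HEADERS = {"x-up-calling-line-id", "x-msisdn", "x-nokia-msisdn"}

# A header whose entire value is a UK mobile number:
# 07xxxxxxxxx, 447xxxxxxxxx or +447xxxxxxxxx.
UK_MOBILE = re.compile(r"^\s*(?:\+?44|0)7\d{9}\s*$")

REDACTED = "[redacted-msisdn]"


def redact_msisdn_headers(headers):
    """Return (safe_headers, flagged_names).

    safe_headers is a copy of `headers` that is safe to log: any header with
    a known carrier name, or whose value looks like a UK mobile number, has
    its value replaced. flagged_names lists the headers that were redacted,
    so the operator can see that an upstream gateway is injecting them.
    """
    safe, flagged = {}, []
    for name, value in headers.items():
        if name.lower() in KNOWN_MSISDN_HEADERS or UK_MOBILE.match(value):
            safe[name] = REDACTED
            flagged.append(name)
        else:
            safe[name] = value
    return safe, flagged


# Constructed sample request; the number is from the UK range reserved for
# TV and radio drama use, not a real subscriber.
SAMPLE_REQUEST = {
    "Host": "example.org",
    "User-Agent": "Mozilla/5.0",
    "Content-Length": "348",
    "X-Example-Subscriber": "447700900123",
}

if __name__ == "__main__":
    safe, flagged = redact_msisdn_headers(SAMPLE_REQUEST)
    print("log these headers:", safe)
    print("redacted:", flagged)
```

Matching on the value as well as the name catches a gateway that uses a header name the list does not cover.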
