The IT security flaw was highlighted by an O2 customer who was able to create a web tool which is able to display the HTTP header information which is sent to sites by connecting to the web browser.Though the issue does not affect every O2 user the concept has angered many. When accessing a website using a mobile phone O2 3G connection, a HTTP header line was added which contained personal telephone numbers. An IT aware website owner could keep the information and leave the user vulnerable to phone calls and having their number sold to marketing schemes.
O2 is currently investigating the error and has declared it shall update the public as soon as we can.
Through subsequent checks it appears that O2 is the only offender with other 3G networks not showing user phone numbers. TescoMobile and GiffGaff users have been affected as they are associated with the O2 infrastructure.
Update:
O2 has announced that the problem has been fixed- except for sending your number to trusted partners whose names are not commonly available, hopefully however, this fix will put security controls back where they belong. O2 are still investigating why private personal data was published to begin with.
