O2 has apologised to its users after it emerged earlier today that subscribers' numbers were being made available to any websites visited using their mobile phones.
The glitch, uncovered by an O2 user through a dummy website, has left users' numbers exposed for the past two weeks. O2 says it has now plugged the security hole.
In the wake of the Carrier IQ affair, the last thing the mobile industry needs is another security scandal. But thanks to “technical changes we implemented as part of routine maintenance”, that's exactly what O2 finds itself in the middle of.
Twitter user @lewispeckover made the issue known after setting up a trial website to check his suspicions, and Twitter being Twitter – it wasn't long before O2 had a full-scale web mutiny on its hands.
As of 2pm today the issue has been resolved, and O2 has followed up with a blog post apologising for any convenience caused.
“We have seen the report published this morning suggesting the potential for disclosure of customers' mobile phone numbers to website owners,” O2 noted. “We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused.”
The network emphasised that only users' phone numbers were left exposed, and there was no way of using the numbers to uncover other personal details.
O2 pinpointed routine maintenance conducted on January 10 as inadvertently having opened the security hole, “making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site”.
What may be of more concern for O2 users, however, is the network's admission that it does share the data with certain “trustworthy” third parties as a matter of course. It didn't go into any further details, but we imagine we're not alone in fearing that O2's definition of trustworthy may well be different to yours and mine.