O2 Sends Customers Cellphone Number In Browser HTTP Header Request

A couple of days ago, tech analysts lead by Lewis Peckover discovered that O2, despite being one of the most powerful carriers on the UK market had a serious security issue that sends subscribers’ phone numbers to the websites that they have visited over an O2 connection. After further testing not only the problem was confirmed, but also it was revealed that O2’s Mobile Virtual Network Operators (MVNO) — GiffGaff and Tesco Mobile were affected by this issue too. Subscribers from other carriers like Orange, Three and Vodafone were safe from this danger.


At the time, O2 reassured its customers that the situation is under investigation but the subscribers expressed their rage on Twitter and the everyone looked for answers. Apparently, the problem is caused by O2’s use of transparent proxies. As Tom Warren the tech writer from The Verge explains “the proxies allow firms to balance network load, but carriers typically inject a unique identifier into HTTP headers to help webmasters identify visitors with non-personal information.” Some informed users and developers even passed on a solution that relies on the following settings: “APN: mobile.o2.co.uk; Username: bypass; Password: password.”

The latest update on this matter reveals that O2 managed to sort out the mess, and even revealed that the problem „occurred as a result of technical changes in routine maintenance” and it affected the users who accessed the web from their phones between January 10th and 2PM GMT on Wednesday January 25th.

Source

[ttjad keyword=”general-mobile”]

Leave a Reply