O2 sends users’ phone numbers to website operators

Mobile telecommunications operator O2 sends its customers’ telephone numbers to website operators when they visit their sites from their mobile phones, an engineer has discovered.

Lewis Peckover, a system administrator at mobile gambling company Probability, discovered yesterday that O2 includes the users’ phone number in HTML headers, the metadata included in any HTML request or reponse. 

Peckover wrote a script that allows mobile web users see the information that is being sent by their provider in their HTML headers. It seems that devices on the O2 mobile network send an extra line of information – the "x-up-calling-line" – which shows the phone number of the browsing device.

Large web operators typically collect data from HTML headers in order to track where visitors are located and what browsers they are using.

O2 says it is "investigating the issue".

The UK’s Data Protection Act prohibits companies from passing their customers’ personal data onto third parties without consent. The Information Commissioner’s Office says that it will now speak O2.
"When people visit a website via their mobile phone they would not expect their number to be made available to that website," the Information Commissioner’s Office said in a statement.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics