Knowledge Base
Community

Mobile Number Information Issue [25/01/12] [Resolved]

Started by: craig_t
On: 25/01/2012 | 12:26
Replies: 295
Reply

Highlighted
by: craig_t
former giff-staffer

on: 25/01/2012 | 12:26 edited: 25/01/2012 | 19:56

Good afternoon,

 

We're currently aware of an issue where mobile number information could be being shared in HTTP headers when browsing the mobile internet through headers on your 3G service.

 

At giffgaff, the privacy and security of our customers is our utmost concern. We are investigating the reports of what appears to be an O2 network issue as a priority, and will be back to you here as soon as we hear anything more.

 

This has been raised and commented on by us in parts of the community already, so we're starting this thread so you can all pull your discussion together into one place, and also get updates from us from one location too.

 

Kind regards,

 

--craig

 

---

 

**Update - 13:34**

 

In order to collate discussion on this, we've merged a longer running thread from this morning into this one.

 

Any posts you see here from before 12:26 are from this previous thread - posts after 12:26 were made in response to the original post above.

 

Our latest update is that O2 are investigating this and are aiming to fix the problem as soon as possible.

 

Unofficial Update -

 

We've had some reports on this thread from customers that they are no longer seeing this occur. As others are saying this is still occuring for them, we are continuing to ask for information on this and will update as soon as we hear more.

 

Kind regards,

 

--craig

 

 --

 

**Update - 16:26**

 

O2 have confirmed via their blog that this was resolved as of 14:00 today. So, this information should no longer be being shared.

 

The full text of the blog is shared below, along with a link.

 

We will continue to investigate for further information, and update when we have any ifnormation relevant to giffgaffers - so will leave the thread open for the time being for this purpose.

 

Kind regards,

 

--craig

 

--

 

http://blog.o2.co.uk/home/2012/01/o2-mobile-numbers-and-web-browsing.html#more

 

--

 

Quoted Text From O2 Blog

 

25 January 2012

 

O2 mobile numbers and web browsing

 

Security is of the utmost importance to us and we take the protection of our customers’ data extremely seriously.
 
We have seen the report published this morning suggesting the potential for disclosure of customers’ mobile phone numbers to website owners.

We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused.
 
Below is a set of Q&As, to answer questions we've been receiving. If you have further questions, do leave them in the blog comments and we will do our best to answer as many as possible.

 

Q: What's happened with O2 mobile numbers when I browse the internet on my mobile?

A: Every time you browse a website (via mobile or desktop), certain technical information about the machine you are using, is passed to website owners. This happens across the internet, and enables website owners to optimise the site you see. When you browse from an O2 mobile, we add the user's mobile number to this technical information, but only with certain trusted partners. This is standard industry practice. We share mobile numbers with selected trusted partners for 3 reasons: 1) to manage age verification, which manages access to adult content, 2) to enable third party content partners to bill for premium content such as downloads or ring tones that the customer has purchased 3) to identify customers using O2 services, such as My O2 and Priority Moments. This only happens over 3G and WAP data services, not WiFi.

 

Q: How long has this been happening?

A: In between the 10th of January and 1400 Wednesday 25th of January, in addition to the usual trusted partners, there has been the potential for disclosure of customers’ mobile phone numbers to further website owners.

 

Q: Has it been fixed?

A: Yes. It was fixed as of 1400 on Wednesday 25th January 2012. 

 

Q: Which of my information can website owners access?

A: The only information websites had access to is your mobile number, which could not have been linked to any other identifying information we have about customers.  

 

Q: Why did this happen?

A: Technical changes we implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site.

 

Q: Which customers were affected?

A: It affected customers accessing the internet via their mobile phone on 3G or WAP services, but not WIFI, between 10th of January and 1400 on Wednesday the 25th of January.

 

Q: Which websites do you normally share my mobile number with?

A: Only where absolutely required by trusted partners who work with us on age verification, premium content billing, such as for downloads, and O2's own services, have access to these mobile numbers.

 

Q: The Information Commissioner said he is investigating - what are you doing as part of this?

A: We are in contact with the Information Commissioner's office, and we will be co-operating fully. We have also contacted OFCOM.

-Into The West-

Play League of Legends free
Message 78 of 296
by: kungfusi
on: 25/01/2012 | 12:27
great to hear that the good people are giffgaff are getting on to this so we can all have peace of mind Smiley Happy
Message 79 of 296
by: as7861
on: 25/01/2012 | 12:28

@Craig_t

 

Thanks for the update Smiley Wink 

 

Could people also be advised not to contact agents about this ? 

(asking) 

- Amer Get a free giffgaff Sim
Message 80 of 296
by: pinkcalculator
on: 25/01/2012 | 12:28
Can the other threads be merged and added to this one they are all over the place
Get a free giffgaff Sim
Message 81 of 296
by: craig_t
former giff-staffer

on: 25/01/2012 | 12:29

@pinkcalculator wrote:
Can the other threads be merged and added to this one they are all over the place

On it.

-Into The West-

Play League of Legends free
Message 82 of 296
by: pinkcalculator
on: 25/01/2012 | 12:32
Other thing could O2 be asked to give an official comment on the matter to be posted here as its their error and their issue and they need to have a presence here it shouldn't just be left to gg to clean it all up, I would also say the same for Tesco users too.
Get a free giffgaff Sim
Message 83 of 296
by: darrenpainter
on: 25/01/2012 | 12:35

Interesting that this all kicks off today, just as the EU proposes an overhaul of Data Protection laws Smiley Happy

http://www.bbc.co.uk/news/technology-16722229

Message 84 of 296
by: styly
on: 25/01/2012 | 12:35
@pinky

An official statement from O2 accepting responsibility?
Ever the optimist eh? Haha
"You can jail the Revolutionary, but you can never jail the Revolution"
MY GIFFGAFF FLYERS AND RECRUITING TIPS // NEW SIM ENVELOPE DESIGN - NO GLUE DOTS!!!
Get a free Giffgaff Sim
Message 85 of 296
by: pinkcalculator
on: 25/01/2012 | 12:36
There's already lots of replies to tweets on twitter from O2 so why not to the companies they supply
Get a free giffgaff Sim
Message 86 of 296
by: as7861
on: 25/01/2012 | 12:39

@craig_t 

 

Another thing that maybe linked - 

 

According to this website - 

http://lew.io/headers.php

 

Which states 

 

"To answer some questions and responses I've seen - no, it's not anything client-side. O2 seem to be transparently proxying HTTP traffic and inserting this header. 
Another annoying feature of O2 is that they interfere with the responses from servers too. They downgrade all images and insert a javascript link into the HTML of each page. I've talked to customer service about this lovely feature several times, but they never have a clue what I'm talking about, let alone any idea how to opt out/disable it. "

 

Someone has already investigated that does not work for o2 Smiley Wink 

Maybe interesting to look into Smiley Happy

 

- Amer Get a free giffgaff Sim
Message 87 of 296