UPDATE: O2 has now released a statement on its blog confirming the security leak and stating that the problem has been fixed. Apparently the bug was introduced on Jan 10th, so it was active for just over two weeks.
We applaud its efforts in fixing this issue so promptly, but are surprised the error wasn't picked up in testing before the change was rolled out.
Web guru @Lewispeckover has discovered that O2 is apparently leaking customers' details to websites they visit on their mobile. He set up a website that shows you what info your phone is sharing, and users on O2 who browse to that site using 3G (not Wi-Fi) might be shocked to discover their phone number is bundled in there.
This problem seems to be limited to O2 in the UK, but will also affect any piggy-back operators such as Tesco Mobile and giffgaff. Lewis discovered the problem yesterday lunchtime, but it's unknown how long the leak has been going on. The scale is also unknown – it may just be a few users affected, or most of them – although some O2 subscribers are reporting no issues.
Speculation so far suggests this is an accidental leak of private information, but O2 is currently investigating and is yet to release a formal statement. We'll update this story when we hear more.
Whether accidental or not, this has to be a massive breach of data protection and could – in a worst-case scenario – result in unscrupulous website owners stealing phone numbers and harassing victims with spam calls and texts.
If you visit Lewis' site and discover that your number is indeed being shared, let us know below...