O2 phone number leak: experts spotted flaw two years ago

MOBILE provider O2 faces a customer revolt after it emerged the company is revealing the numbers of its smartphone users to every website they visit via 3G. A security expert has said the problem has been known about for at least two years.

The security flaw was discovered by O2 customer Lewis Peckover, who tweeted about his discovery yesterday. It means that it would be possible for unscrupulous owners of websites to harvest a phone number and connect it with the user’s IP addresses and logins, The Register reports. Users of Tesco Mobile, which piggybacks O2, are also affected.

Angry O2 customers took to Twitter to express outrage their outrage, prompting O2 to tweet: "Security is our top most priority, we're investigating this at the moment and will come back with more info as soon as we can."

However, one security expert has alleged that the flaw has been known about for at least two years – and it appears at least one British network did take notice of the warning and fix the problem.

Graham Cluley writes on his Naked Security blog: “Back in March 2010, Berlin student Collin Mulliner revealed his discovery at the CanSecWest conference in Vancouver and presented a paper on the topic entitled ‘Privacy Leaks in Mobile Phone Internet Access’.”

He points to this story from 2010, which actually singled out Orange as an offender.

Orange has clearly cleaned up its act since 2010, because it and the other major British networks are not revealing users’ phone numbers.

Until O2 fixes the breach, customers can browse without revealing their phone number using a wi-fi connection. ·