Massive U.K. Carrier Mistake Breaches Mobile Customer Privacy

[sunnyd]

Story : http://www.wired.com/gadgetlab/2012/01/o2-cell-phone-number-privacy/

In an network maintenance snafu of epic proportions, customers of a European cellular network have had their private data exposed to web sites visited from their smartphones. The security breach lasted for more than two weeks before it was fixed today.

A flurry of reports from mobile customers in the United Kingdom spread across Twitter on Wednesday morning after mobile developer Lewis Peckover discovered a security flaw in devices carried by European mobile network O2. After O2 performed routine maintenance on its network earlier this month, some users’ cell phones inadvertently began sending their owners’ phone numbers to web sites that were visited using mobile browsers over a 3G/WAP connection.

Numbers were not sent, however, when users browsed sites via Wi-Fi.

It’s a significant breach of customer privacy, as the breached phone numbers could potentially be mined for SMS spam, to send premium rate texts, and for other hacks that exploit cell phone numbers.