O2 Logo
O2 has apologised for sharing users' numbers with websites accidentally O2

O2 has issued an apology for the major security flaw which saw the mobile network accidently leak users' mobile phone numbers to every website they visited.

The mobile network blames technical changes implemented as a part of routine maintenance on 10 January for the problem.

The apology, in the form of a Q&A post on the company's blog said: "Security is of the utmost importance to us and we take the protection of our customers' data extremely seriously.

"We have seen the report published this morning suggesting the potential for disclosure of customers' mobile phone numbers to website owners.

"We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused."

O2 also stated that, although users' mobile phone numbers were shared with websites visited, the number "could not have been linked to any other identifying information we have about customers."

O2 was accidently revealing users' mobile phone numbers to every website they visited when using a mobile internet connection (as opposed to Wi-Fi). The number was included in a set of data known as headers, these usually contain harmless information such as which browser the site was accessed with.

The flaw is believed to have affected the majority of O2's users who browse the internet, but BlackBerry users remained safe as their phones use manufacturer Research In Motion's own servers to connect to the internet.

By disclosing users' phone numbers means that site owners could have collected phone number of visitors, which could then be used for telephone and text marketing campaigns, or even to subject to phishing scams.

The problem was discovered by London-based programmer Lewis Peckover, who created a basic website that would display the headers received from visitors. The International Business Times UK found that, while the number of a Vodafone phone was not disclosed, the number from an O2 iPhone was displayed.

O2 said in the Q&A post on its blog that the network is in contact with the Information Commissioner's Office, with which it will be cooperating fully, and it is also contacted OFCOM.

Finally, O2 added that it will continue to share phone numbers of users, but only "where absolutely required by trusted partners who work with us on age verification, premium content billing, such as for downloads, and O2's own services, have access to these mobile numbers."

Tesco Mobile and Giff Gaff are also believed to have been affected, as they use O2's network in the UK. O2 has around 22 million users and it is the UK's second-biggest mobile network.