The issue was flagged up by Twitter user and London-based programmer @lewispeckover, who set up a website to expose the flaw, showing how the mobile phone numbers of O2 customers browsing via 3G are appearing in the HTTP headers sent to the websites they visit. His personal number was embedded inside an HTTP header called HTTP_X_UP_CALLING_LINE_ID.
On the web page, @lewispeckover accuses the company of “transparently proxying HTTP traffic and inserting this header.” There have also been a number of reports suggesting that users of GiffGaff and Tesco, who use the O2 network, are affected.
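For a site operator who does not want to receive or log subscriber numbers, the header named above can be dropped at the application boundary. The following is an added example, not code from the page or from @lewispeckover's site; it assumes a Python WSGI application, the function and class names are hypothetical, and the sample number in the test data is constructed.

```python
import re

# Header name as reported on the page, in CGI/WSGI environ form.
LEAKY_KEY = "HTTP_X_UP_CALLING_LINE_ID"
# Assumption: the injected value is a bare phone number of 7 to 15 digits.
NUMBER = re.compile(r"^\+?\d{7,15}$")


def mask(number):
    """Keep only the last two digits so a log entry cannot identify anyone."""
    return "*" * (len(number) - 2) + number[-2:]


def scrub_environ(environ):
    """Return (clean_environ, finding).

    clean_environ is a copy without the injected header. finding is None
    when the header was absent, otherwise a dict that is safe to log.
    """
    clean = dict(environ)
    value = clean.pop(LEAKY_KEY, None)
    if value is None:
        return clean, None
    value = value.strip()
    is_number = bool(NUMBER.match(value))
    finding = {
        "header": LEAKY_KEY,
        "looks_like_number": is_number,
        # Never echo an unexpected value back into logs.
        "masked": mask(value) if is_number else "<redacted>",
    }
    return clean, finding


class ScrubCallingLineId:
    """WSGI middleware: the wrapped app never sees the subscriber number."""

    def __init__(self, app, report=None):
        self.app = app
        self.report = report or (lambda finding: None)

    def __call__(self, environ, start_response):
        clean, finding = scrub_environ(environ)
        if finding:
            self.report(finding)  # e.g. count how often a carrier injects it
        return self.app(clean, start_response)
```

Wrapping the application once at start-up keeps the number out of request logs, error reports and analytics that read the request environment downstream.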
It’s currently unclear whether the information is sent to every website visited, or whether O2 has a select number of sites with which it chooses to share its customers' personal information. Either way, #O2 users are up in arms on Twitter demanding answers.
O2 has yet to comment on the issue, which has been gaining momentum throughout the day and has now attracted mainstream media channels, but has said the security breach is being 'investigated as a top priority'. The Information Commissioner's Office has told The Guardian that there are no signs that O2 has breached the Data Protection Act, though it is considering investigating further.