An untold number of U.K. residents may have unwittingly broadcast their numbers to sites across the Web while browsing the Internet with their cellphones during the past two weeks.
Mobile service provider O2 said Wednesday that a glitch had exposed the numbers of smartphone-toting customers who connected to the Internet over the company's network.
The company, a major subsidiary of Spain's Telefonica, S.A., has some 22 million customers in Britain. It was unclear how many of those may have been affected and a call seeking further comment from O2 was not immediately returned.
The glitch was "potentially very serious," said Matt Bath, the technology editor for British consumer watchdog Which?
"You are making private information available into the wilds of the Web," he said. "A lot of good websites won't do anything with that data at all (but) there's a potential for a rogue website to harvest the information. That is an open door when it comes to spam, which is annoying, but also outright scams."
O2 said in a blog post that the company routinely shares its customers' telephone numbers with what it described as "trusted partners" for purposes such as age-verification and billing for premium content. But because of a glitch introduced during a routine maintenance operation around January 10, "there has been the potential for disclosure of customers' mobile phone numbers to further website owners."
O2 said it had fixed the bug Wednesday and apologized for any concern caused. But Bath said the damage may already have been done.
"This genie is completely out of the bottle," he said. "Some unruly website may be rubbing their hands with glee at the data bounty that's landed on their laps."
The Information Commissioner's Office, Britain's data protection watchdog, said it was looking into the potential breach.
"When people visit a website via their mobile phone they would not expect their number to be made available to that website," the office said in a statement.
O2's blog: http://blog.o2.co.uk/