Spotted this on my timeline today, made me raise a wary eyebrow (text below pic), @Chris_K tagged, as tweet tagged O2 UK Social Media Team:
PSA: please check if your mobile provider is leaking your phone number to #payforit scammers here: https://t.co/kRVv8OVbZb
If you come up red then get your provider to block "pay to bill" services (here's looking at you @o2)
Further reading of Colin's timeline also reveals
An absolutely fascinating piece of research into how mobile providers leak your mobile number to websites: https://t.co/HogCGI7GKj
URL goes to a legitimate-looking pdf:
I've not seen the link before but @Payforit_Sucks has posted fairly in depth about it too.
Added a short note to @adamtemp64's guide about the checker URL too
Also found the guy mentioned in last post here too. @jonsie - seems he is a genuine cybersec bod.
This is old news. Soon after this was reported, O2 stopped "enriching" headers with unencrypted MSISDNs. These are now encrypted and only O2's "trusted partners" have the key to decrypt.
So the test suggested won't show any problem on any UK mobile network.
However, that doesn't mean there isn't a problem. The problem is the nature of many of the "trusted partners" O2 allow to obtain your number, when you use mobile data to access the internet. Some of these partners can be seen here:
I'd much prefer it if O2 didn't leak my number to companies like these. If I want some dodgy company to have my number so that they can defraud me, I'll give it to them myself!
I believe that there could be a breach of GDPR here. There is no NEED to compromise customers' numbers in this way and it is clearly resulting in consumer harm.
Google "MSISDN passthrough" to find out more.
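Added example, not part of the thread or of any poster's code: a server-side check of the kind a header-enrichment test page performs, separating a plaintext MSISDN from an opaque (for example encrypted) value as described above. The header names are ones commonly reported for carrier enrichment and are an assumption, as are the constructed sample requests.

```python
import re

# Header names commonly reported for carrier header enrichment.
# Assumption: these names are not from the thread; operators vary.
ENRICHMENT_HEADERS = {
    "x-msisdn", "x-up-calling-line-id", "x-nokia-msisdn",
    "x-wap-msisdn", "x-up-subno",
}
# A bare international number: optional "+", then 10 to 15 digits.
PLAINTEXT_MSISDN = re.compile(r"\+?\d{10,15}")


def classify_headers(headers):
    """Map each MSISDN-carrying header (lower-cased) to a verdict.

    "plaintext": the value is a readable phone number.
    "opaque":    the header is present but the value is not a bare number
                 (for example encrypted); whoever holds the key can still
                 recover the number.
    """
    findings = {}
    for name, value in headers.items():
        key = name.lower()
        if key not in ENRICHMENT_HEADERS and "msisdn" not in key:
            continue  # ordinary header, e.g. Content-Length
        compact = re.sub(r"[\s-]", "", value)
        if PLAINTEXT_MSISDN.fullmatch(compact):
            findings[key] = "plaintext"
        else:
            findings[key] = "opaque"
    return findings


# Constructed sample requests as seen by the receiving web server.
SAMPLES = {
    "plaintext enrichment": {"Host": "example.test", "X-MSISDN": "447700900123"},
    "encrypted enrichment": {"Host": "example.test", "X-UP-SUBNO": "k3Jx9vQm2Zt8/encrypted=="},
    "no enrichment": {"Host": "example.test", "Content-Length": "1234567890"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", classify_headers(hdrs) or "nothing found")
```

A check that only looks for the "plaintext" verdict reports nothing for the encrypted case, even though an enrichment header is still being attached to the request.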