O2 UK tops daily Twitter limit to calm security fears

O2 UK has exceeded its daily amount of tweets allowed by Twitter in a campaign to pacify subscriber fears over a security breach that gave customers' phone numbers to websites they visited on their mobile phones. 

The company admitted that it had accumulated the same amount of Twitter mentions in a day as it typically does in an entire week as thousands of O2 UK customers sought answers via the company's Twitter account. Worried customers wanted to understand what O2 UK was doing to stop subscribers' mobile numbers were being leaked to any website they visited in a security breach that was only discovered last week.

According to Marketing Week, O2 initially admitted it had been passing customer's cell phone numbers over to "certain trusted partners" since Jan. 10. While the operator said that this was "standard industry practice," it confirmed that the "technical error" was fixed on Jan. 25.   The phone numbers were only stored on web logs and could be accessed by the companies running the sites, but not to other visitors of the sites, according to the Financial Times.

Speaking at a London-based conference last week, James Paterson, O2 UK's public relations and social media campaigns manager, said the company felt that it was important that O2 UK "not stay quietly in [its] shell" as news circulated about the data breach.

Paterson said that the company had adopted a strategy to immediately answer user's questions. "We wanted to respond to as many people as possible with fair answers. In the past we may have just given a Q&A to the well-known media outlets, but our people understand that if you answer queries and communicate to people on social media straight away, problems tend to be resolved more quickly."

Graham Cluley, security consultant at Sophos, the IT security company, told the Financial Times: "It is pretty bad, what they have done, even if it was a mistake. Any website that O2 UK customers have gone to over the last 14 days will have those mobile details, which could be used for spam emails, or even to sign people up to premium rate services without their knowledge. There are plenty of ways to abuse this data."

For more:
- see this Marketing Week article
- see this Financial Times article (reg. req.)

Related Articles:
Report: GSM-R making rail services vulnerable to DoS attacks
Rogue femtocells could be used to steal user data
Smartphones become target for cyber criminals
3G encryption can be broken in 2 hours, 'suggest' security experts