Vodacom exposing subscriber details
Vodacom is providing information which uniquely identifies you as a subscriber to websites you visit while on its data network.
This was revealed by an online tool created by security researcher, Kenneth White.
Among the data, Vodacom subscribers are inadvertently providing to web servers their phone number and a unique identifier for their device called the IMEI/SV.
Recent media reports suggest that this data is being sent to web servers because Vodacom is modifying the web traffic of its subscribers.
In particular, it is injecting an additional hypertext transfer protocol (HTTP) header into the messages subscribers send to servers when requesting items such as web pages.
When asked about the apparent data leak, Vodacom said it is still investigating the issue as a matter of urgency.
The group acknowledged that it makes use of “header enrichment” to share necessary data with trusted third-party services on its network, but wanted to reassure its customers that their information is not being routinely shared with all websites.
“Header enrichment is not our default operation,” Vodacom said. “We use it for a select number of Vodacom and trusted third-party services, such as charge-to-bill.”
Vodacom said that this information was not being shared with all websites, nor was it intended to be shared with all web servers.
The group said it will provide a further update once its investigation is complete.
More on Vodacom
Government may pull out of Vodacom: report
Vodacom to launch sub-R1,500 LTE smartphone