O2 has been accused of sharing its customers mobile numbers with websites they visit.
An experiment set up by Lewis Peckover, a 28-year-old web systems administrator, shows that O2 provides websites with the mobile number of users who visit.
The numbers are included as plain text in the header information sent by the phone to the website. The data would be easy for a website owner to collect and use for sending SMS messages or making marketing calls.
Peckover said that the problem did not seem to affect all users but was not confined to any one mobile handset or operating system. Customers of other mobile networks were not affected.
However, mobile services that use O2's network, such as GiffGaff and Tesco, were having the same problem.
Graham Cluley, of security firm Sophos, said that the problem had been known for at least two years. He said it was mentioned at a conference in Vancouver in March 2010.
Writing on his blog, Cluley said: "My guess is that it's more likely to be a cock-up than malice which caused this data to be leaked - but what's worse is that the problem is still present almost two years after it was first discovered."
O2 said it was investigating the reports.