Australia’s second-largest telco has admitted giving its customers’ mobile phone numbers out to ringtone sellers and mobile game websites.

The scale of the disclosures could not be revealed on Wednesday night as Optus staffers were busy getting to grips with the issue.

Optus’s 9.4 million subscribers are affected, as are any mobile phone users who signed up to another service that uses the Optus network, like Virgin or Amaysim.

• Which Aussie telco has the best data deal?
• Three ways your mobile phone is bad for you
• Off the dial: embracing the ‘no frills’ phone

An Optus customer posted to consumer forum Whirlpool that he noticed he was getting unsolicited text messages from premium game-selling service Gamifive Mobivillage after he visited the site.

The catch here is that he hadn’t given the site his number, or so he thought.

Optus purposefully injected his phone number into the data traffic that was sent from his mobile phone to Gamifive.

The customer’s phone number is added to HTTP headers as the data passes through the Optus network, and cannot be stopped unless the telco ends the practice.

An Optus spokeswoman said the injection occurred so that websites which have a commercial relationship with Optus can bill users for digital products they buy on their bill rather than in separate transactions, called direct carrier billing.

Commercial relationships

She said the companies are contracted to maintain a level of user privacy, but would not elaborate on what is and isn’t allowed.

“Optus adds our customer’s mobile number to the information in select circumstances where we have a commercial relationship with owners of particular websites,” she said.

“This is only done with trusted partners where user authentication is required.”

Optus users are warned that “digital identifiers” were passed on to their partners in terms and conditions in customer contracts.

Whirlpool user Sambot9000, who raised the topic, said the practice “breaches” customer privacy.

“The issue is that, with the aim of making direct carrier billing sales slightly easier, Optus fundamentally breach the privacy and security of all their customers by giving away your phone number,” he said.

An Optus privacy statement warns users that their commercial partners will receive “the personal information they need”.

“If you purchase a product that is delivered by one of our partners, we’ll give them the personal information they need to provide it and manage their relationship with you.”