Thanks to a shoddy bit of configuration involving Virgin Media O2's 4G calling software, punters' locations were effectively up for grabs to anyone clued-in enough to look. The problem, discovered by IT bod Dan Williams, meant location data like cell ID and area codes were being leaked like a sieve.
Williams, who flagged the issue to Virgin Media O2 in March, got the usual corporate shrug.
“I don’t want to be the enemy, I simply want to feel comfortable using my phone,” he said. He finally went public on his blog in May after getting radio silence from the telco.
The company, which boasts 45 million customers, admitted it had started using the flawed software in 2023 but couldn’t say how long the vulnerability was live.
It insists that “specialist knowledge” was needed to exploit the flaw and that no actual hacks took place, though Williams demonstrated he could pinpoint someone to Copenhagen city centre using just a SIM and some open-source tools.
Jobs’ Mob users were particularly exposed since some iPhones don’t allow 4G calling to be turned off, which was a key workaround to stop the tracking.
Virgin Media O2 claims its engineers have now patched the problem and told punters they don't need to lift a finger.
“Our customers do not need to take any action. There has been no external compromise of our network security at any time,” a spokesperson said.
Not that the issue was confined to Virgin customers. Those on Giffgaff and Tesco Mobile, who piggyback on Virgin Media O2’s network, were equally exposed.
Ofcom and the Information Commissioner’s Office have both been notified. Ofcom is trying to determine “the scale and cause of the problem,” while the ICO appears to be letting it slide for now, saying it won’t take any further action “at this stage.”