The mobile phone numbers of former Prime Minister David Cameron, Labour leader Jeremy Corbyn, celebrities and millions of other people are being stored in databases that can be searched by the public.
While the numbers cannot be obtained simply by entering a name, data watchdogs are concerned about the way the information has been gathered.
These databases have been compiled by phone apps that promise to block spam calls and let people "reverse-look up" calls from numbers they do not recognise. But it appears many of the names and numbers have been gathered without their owners' knowledge.
The apps, which include Truecaller, Sync.me and CM Security, ask users to upload their phone's contact lists when they install them. That means they end up with huge databases - one app claims to have two billion numbers while another claims more than a billion.
These can then be searched to connect any number with a name, although you cannot put in a name and get a number. Searches can be conducted on the app provider's website without even installing the software.
The issue has been highlighted by Factwire, an investigative journalism organisation that found the numbers of leading Hong Kong lawmakers had been stored in the systems.
Celebrity calls
The BBC has found that many British numbers are also listed - including that of Mr Cameron, Mr Corbyn, Transport Secretary Chris Grayling, the Olympic diver Tom Daley and the music producer Pete Waterman.
We had those numbers already, as did Hong Kong-based Factwire when it conducted its searches.
Many numbers appear to be stored in the databases without the knowledge or consent of their owners.
For example, we found the number of the security researcher Rik Ferguson of Trend Micro in the database of Truecaller, which is based in Sweden. He told us he had not installed the app and had not consented to having his number stored.
He described the app as "highly deceptive" and questioned whether it broke data protection regulations.
"Data can only be collected for specific, explicitly stated and legitimate purposes, may not be kept for a longer period than is necessary and crucially only with the explicit and informed consent of the data subject," he said.
Consent required
There is also concern about the security of the data. In 2013 Truecaller suffered a data breach, admitting that it had fallen victim to a cyber-attack but insisting that no sensitive information had been exposed.
Truecaller told the BBC that it ensured strict protection of user data, which was safely stored in Sweden. The company said it did not share any information with external organisations and in a statement said: "Truecaller is not in violation of the data protection laws in Sweden, nor across the EU as a whole."
We asked the Information Commissioner, Britain's data protection regulator, about Truecaller. The ICO told us: "UK data protection law says businesses are required to process data fairly and lawfully. We're asking questions on behalf of UK citizens and are following up with the Swedish authorities."
The security blogger Graham Cluley, whose mobile number is stored by one of the apps, says everyone needs to be more careful about what they share: "If you upload your address book, you're not just putting your own privacy at risk - but the privacy of everybody else in that address book."
Most of the apps mention in their terms and conditions that users should have permission from their contacts before sharing their data.
One of the apps, CM Security, has now halted its reverse-look up function. All of them say users can opt out if they do not want to have their numbers stored.
Latest Stories
-
Big Chef S4: Rena bids her brother, Jaden, goodbye; Serwaa clinches 2nd Star Chef title
1 minute -
Train Africa’s teachers in AI – or risk an education crisis
6 minutes -
TVET holds key to tackling youth unemployment and driving development – Mine Contractors’ Secretary
12 minutes -
Macroeconomic Stability at Last? An Odyssey of The Economic Upheavals in The 4th Republic and The GoldBod Experiment
23 minutes -
Breaking U.S. laws can lead to deportation, future bans – U.S. Embassy in Ghana warns visa holders
25 minutes -
Cape Coast Assembly begins demolition of unsafe buildings following fatal collapse
28 minutes -
Rapper Fat Joe accused of sex with minors in $20m lawsuit by former hypeman
29 minutes -
Heifer International announces winners at AYuTe NextGen 2025: Youth-led innovations set to transform Africa’s agriculture
30 minutes -
Fisheries Ministry announces 2025 closed season
33 minutes -
Reality of critical patient care when nurses and midwives withdraw services
41 minutes -
Ghana to vaccinate 2.2 million girls against Human Papillomavirus (HPV)
43 minutes -
I’m not just passionate about music, I’m hungry for it – Gyakie
57 minutes -
I haven’t started spending the $5,000 gift from Davido – Ghanaian Tiktoker
59 minutes -
Smart Procurement: Using AI to combat fraud and boost efficiency in Ghana’s public spending
1 hour -
Lions Club commissions modern Diabetes Clinic and Emergency Ward for Suntreso Government Hospital
1 hour