O2 has been forced to take down its web-based MMS viewing service after hundreds of pictures sent by customers became viewable using a straightforward Google search.
The privacy storm arose after Google searches turned up O2 customer photos, complete with the sender's phone number at the top of each image.
The security breach was caused by MMS messages sent to mobile owners who do not own a compatible phone, including the new iPhone 3G.
Instead of a photo, users receive a URL from which they then click through to a website to view the O2 customer's image.
But because these websites have no password protection or log-in requirements the images can be easily accessed using a simple InURL Google search.
"As these web pages were wide open to the internet, not requiring any authentication, a very small handful were indexed by Google," said David Cawley, on the MailChannels Anti-Spam Blog, who discovered the flaw.
"I was able to craft a Google search that results in some matches to show an example of how this is an insecure method of hosting."
The gaffe is doubly embarrassing for O2, which promotes itself as a leading light in the world of online privacy through its Protect Our Children website.
"We have temporarily taken down our MMS web-based viewing service while we investigate this issue fully. This has no impact on the service for customers with MMS-enabled handsets," said an O2 spokesperson.
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23
Asda, Morrisons and Tesco in the frame for checkout facial recognition technology
Research opens up new possibilities for structural batteries, where the carbon fibre forms part of the energy system
Another shape could have indicated hard-to-detect particles