O2 has been forced to take down its web-based MMS viewing service after hundreds of pictures sent by customers became viewable using a straightforward Google search.
The privacy storm arose after Google searches turned up O2 customer photos, complete with the sender's phone number at the top of each image.
The security breach was caused by MMS messages sent to mobile owners who do not own a compatible phone, including the new iPhone 3G.
Instead of a photo, these users receive a URL, which they click through to a website to view the O2 customer's image.
But because these websites have no password protection or log-in requirements, the images can be easily accessed using a simple inurl: Google search.
"As these web pages were wide open to the internet, not requiring any authentication, a very small handful were indexed by Google," said David Cawley, who discovered the flaw, on the MailChannels Anti-Spam Blog.
"I was able to craft a Google search that results in some matches to show an example of how this is an insecure method of hosting."
The gaffe is doubly embarrassing for O2, which promotes itself as a leading light in the world of online privacy through its Protect Our Children website.
"We have temporarily taken down our MMS web-based viewing service while we investigate this issue fully. This has no impact on the service for customers with MMS-enabled handsets," said an O2 spokesperson.