The problem, which came to light on a number of O2 message boards and blogs, affected users of handsets that can't accept MMS, such as the new 3G iPhone. Rather than seeing the message, users are presented with a URL from which they can view the image. As these websites aren't secure and don't require passwords or log-ins, a number of the images could be viewed through a simple search in Google and even had the sender's phone number at the top of each photo.
"As these web pages were wide open to the internet, not requiring any authentication, a very small handful were indexed by Google," explained David Cawley, who discovered the flaw, in a blog.
O2, which also runs the Protect Our Children website that provides advice on keeping children safe when using mobile phones, has since removed the website viewing service.
"We have temporarily taken down our MMS web-based viewing service while we investigate this issue fully. This has no impact on the service for customers with MMS-enabled handsets," said an O2 spokesperson.