
As mentioned on mailchannels.com, O2 have a rather major leak on their website, meaning anyone can access some customers' photos and MMS messages without authentication.
Now that MMS-enabled phones are used much more frequently, O2 enabled a feature meaning that customers without an MMS-capable mobile phone receive a text message informing them they can collect their message online.
You may assume that if you use this service to send a photo to a friend, your photo is protected and not broadcast for the entire world to see.
Unfortunately, you're wrong. O2's site has a fairly problematic bug meaning the images are only secured by a random passphrase.
I have reported the case to several agencies in the UK. Hopefully something will be done about this. In the meantime, please spread the news!
The URL for these images is protected by only a 16-digit hex code. It would be quite easy to write a script to try various combinations of 16 hex digits to try to randomly view a photo, but depending on how many photos are being hosted the hit rate could be quite low.
David at MailChannels has come up with a Google search which locates some of the images that could be found with this service:
http://www.google.com/search?hl=en&q=inurl:mms2legacy&start=20&sa=N&filter=0
Worse still, the majority of the images taken on cameras turn out to be of children. Ironically, O2 has a website dedicated to "Protect Our Children"; a good first step would be to avoid leaking customer photos.
Written by Techtoad with parts from blog.mailchannels.com.