They haven't solved the problem, just papered over it while they reprogram the authentication (I hope). They only appear to be using Apache's rewriteengine to return an error if referred by an external site.

If you copy modify and paste the urls directly then they are accessble, but are anonymous and completely uninteresting!

O2 should just approach Google et al to prevent these URLs being indexed.

Chances are that the users would prefer security by obscurity so they can send urls to their friends, but a simple password would help a lot.

What's even more amusing is that if you click on the "cached" link of any of the google search results, you still get the full page (mobile number, pictures and all!). Looks like the photos are served from a different server, which they still haven't turned off or secured...

...Google seems to have chached some of the content.

You cant turn off google cache though ;)

You can still see the picture by using googles "Cached" function!

Evidence of O2's ineptitude can still be found in Google's Cache - O2 can't deny it!

It's still cached by Google though! Seems like O2 are going to have to speak nicely to Google about this one too!