UK - Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists. Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove. These services are used by an estimated 800,000 to 900,000 people.
M.A.D Mobile was first warned about the security flaw on January 20th but didn't take action until the BBC emailed on Friday. The company has since fixed it but has not said how it happened or why it failed to protect the sensitive images.
Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after analysing the code that powers the services and finding the location of the online storage used by the apps. He was shocked that he could access the unencrypted and unprotected photos without any password.
"The first app I investigated was BDSM People, and the first image in the folder was a naked man in his thirties," he said. "As soon as I saw it I realised that this folder should not have been public."
The images were not limited to those from profiles, he said – they included pictures which had been sent privately in messages, and even some which had been removed by moderators. (BBC)