Security flaw on Kardashian and Jenner apps, websites exposed private information of users
THE Kardashian-Jenner army have been ruling the iTunes charts this week, but a security flaw in their new apps has exposed the private information of users.
THE Kardashian-Jenner army have been ruling the app charts since launching their personal apps this week. But while their popularity is sturdy, the same couldn’t be said for their software’s security.
Four of the five sisters in the clan — Kim Kardashian, Kylie Jenner, Kendall Jenner and Khloe Kardashian — released their own apps and associated websites on Monday to give their fans a paid-subscribers-only glimpse into their private lives.
Kylie’s was the surprise success as the 18-year-old’s app skyrocketed to the number one spot in the Apple iTunes Store.
But when a curious web developer named Alaxic Smith started exploring the linked sites on Monday night, he was astonished to discover a security flaw exposing private information of the first 891,340 users who had signed up at the time.
In a blog post on Medium, which was deleted and reposted as a cached version, the 19-year-old wrote: “This past Monday night was like no other. After a full day of designing, conference calls, and coding, I was catching up on tech news. I saw that the Kardashian/Jenner clan launched their own subscription based apps.”
He continued: “I’ll admit I downloaded Kylie’s app just to check it out. I also checked out the website, and just like most developers, I decided to take a look around to see what was powering the site.”
And that’s when the teenage computer whiz, punching some code into his browser “just for fun”, found a JavaScript file.
He then landed on a page with the full names and email addresses of the 663,270 people who had registered on Kylie Jenner’s website. Stunningly, Smith had stumbled upon an unsecured API (application programming interface) belonging to the site.
He then realised he could pull the exact same private data from each of the Kardashian-Jenner websites. And interestingly, he found their numbers were much less impressive: 96,635 users on Khloe’s, 80,679 on Kim’s and 50,756 on Kendall’s.
Smith said he also had the ability to create and destroy users, photos and videos.
He reached out to the company behind the apps and sites, Whalerock Industries, to notify them of the security issues, which were quickly fixed.
“Shortly after launch we were alerted that there was an open API. It was promptly closed,” Whalerock said in a statement seen by TechCrunch.
“Our logs further indicate no one else had access and that no passwords nor payment data of any kind was exposed. Our highest priority is the security of our customers’ data.”
Smith is not speaking to the media, but he did raise the question: “Should users trust not only their personal information, but also payment information with these apps?”
“One thing is for sure, only the Kardashians can release apps out of nowhere, with no prior promotion and amass nearly one million users in less than 24 hours.
“Their influence is undeniable, whether you like them or not.”