A glitch in an electronic chastity belt has allowed a hacker to remotely gain access to them and keep them locked.
Chastity belts have been around for centuries and stop the user or their partner from being able to safely touch their genitals and engage in sex.
The devices are also used in the BDSM community as a way of creating a dominate and submissive relationship, where the former 'owns' the genitals and won't allow the submissive to use them until they are ready.
The Qiui Cellmate was dubbed the 'world's first app controlled chastity device', however, one person has managed to break into the device after the manufacturer left the coding (API) open for attack.
The device connects to an app using an API, however that coding didn't have a password, meaning anyone, anywhere in the world could take control of the device.
A hacker reportedly sent their victims ominous messages that the device had been locked and he would hold their penises to ransom.
"Your c**k is mine now," the hacker told one of the victims, according vx-underground.
A victim told Motherboard that he was sent a message from an anonymous source who demanded he transfer nearly AUD$900 or the device would be locked forever. He checked his lock and and was shocked to see that the hacker had indeed managed to control it.
Because the device locked with a metal ring underneath a user's penis, it would take a heavy-duty bolt cutter or an angle grinder to get the user free.
Thankfully, he wasn't wearing the device at the time and told the hacker to buzz off.
The issues around vulnerability in these types of machines were first raised in October last year when Pen Test Partners discovered there was a chink in the armour.
PTP's Alex lomas told Attitude: "My advice would probably be to stop wearing the device for now, until Qiui have an opportunity to fully fix the issues. As Qiui noted in their statement to Techcrunch 'When we fix it, it creates more problems' so I'd be inclined to wait until they get things sorted.
"The bigger issue of course is that Qiui hold a large amount of intimate and personal data, including users' locations, and really there's not much that users can do about this until Qiui address the vulnerabilities.
"We've heard from one of their users that they've been waiting for months for Qiui to even acknowledge a request to delete their account and data as well."