Israeli researchers have discovered a major security breach involving a company which provides access control for thousands of organisations in more than 80 countries – including London's Metropolitan Police.
Noam Rotem and Ran Locar, working with a company called VPNMentor, discovered that Biostar 2, a platform which uses biometric face and fingerprint controls to allow access to secure areas, had left millions of records – including the fingerprints of more than one million people, photographs, names, addresses and other personal information – open to the public.
VPNMentor said that although it had discovered the unprotected nature of the data on August 5, it had taken more than a week for Suprema, the company operating Biostar 2, to make the data private.
Mr Rotem told The Guardian the pair had been able to access “plain-text passwords of administrator accounts”, which enabled them to “see in real time which user enters which facility or which room in each facility”.
He added that he was also “able to change data and add new users”, allowing anybody to enter the buildings that the accounts they had accessed could enter.
Mr Rotem said it was “crazy” what he was able to access. He told the BBC that after finding the major breach they had difficulty informing Suprema of the problem, saying that “we started calling all of the offices one by one and had to deal with people just hanging up the phone.”
Suprema told The Guardian that “if there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers' valuable businesses and assets.”