Apple is investigating reports that a hacker successfully broke into its iCloud storage service to steal personal files from several prominent celebrities such as Jennifer Lawrence and Kirsten Dunst.
An Apple spokesman told V3 the firm has begun investigating the alleged iCloud attack, but did not confirm if a breach occurred. He said: "We take user privacy very seriously and are actively investigating this report."
News of the alleged attack broke on Monday when a number of celebrities' personal files stored on iCloud were posted on the internet.
The attacker is believed to have stolen them with a brute-force attack, using various tactics to guess the celebrities' passwords, though Apple is yet to confirm this.
If true the two-factor authentication security measure offered on the iCloud should have mitigated the attack, indicating that the victims may not have had the feature turned on. However, there is no official information to confirm this.
While the exact attack mechanism remains unknown, or if the leak was the result of a vulnerability in iCloud, experts within the security community have begun citing the incident as proof that corporations cannot trust consumer cloud services.
Tim Erlin, director of security and risk at Tripwire, argued the iCloud incident showcases an ongoing issue regarding the location of data stored on cloud services, with many unaware data is often copied to the cloud from their device.
"The evolution of data stored in one physical location until intentionally moved or copied, to seamless cloud synchronisation and mixed online/offline interactions, creates a near total lack of transparency for the average user into where exactly their data is," he said.
"When you take an action on your phone, and it synchronises to your laptop and tablet, that data is almost certainly going somewhere else, being stored and backed up.
"Each of these locations and systems in which the data exists creates a vector for attack that must be protected. We are largely at the point where nothing you do on your iPhone can be considered private."
Mike Ellis, CEO at ForgeRock, mirrored Erlin's sentiment, citing the incident as proof that businesses and cloud service providers need to work harder to improve their cloud security policies.
"Global brands and large organisations that fail to take the right steps to address the growing complexity of identity relationship management risk not just a big dent in their reputation and trust," he said.
"This example is just the tip of the iceberg and must be addressed sooner than later."
Cloud security has been an ongoing issue facing firms of all sizes. Concerns peaked in 2013 when whistleblower Edward Snowden leaked documents to the press proving the US National Security Agency (NSA) was siphoning user information from numerous cloud service providers.
For more on protecting data stored in the cloud, visit the Intel IT Center
Insecticides based on sulfoxaflor might be as bad for bees as neonicotinoids
Intel teases forthcoming new graphics card accompanied by the text "We will set our graphics free"
Think your password manager is completely secure? Think again...
ARM plans 7nm 'Deimos' for 2019 and 5nm and 7nm 'Hercules' for 2020