Apple said it was "actively investigating" the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.
"We take user privacy very seriously and are actively investigating this report," said Apple spokeswoman Natalie Kerris.
Photos, some real, some said to be fakes, are said to have been taken from the iCloud accounts of several celebrities, such as actress Jennifer Lawrence. They were posted to the Web image-sharing community 4Chan and have since spread across the Web, showing up on social media sites like Twitter, Reddit and elsewhere.
Security experts said the hacking and theft of revealing pictures from the Apple iCloud accounts of a few celebrities might have been prevented if those affected had enabled two-factor authentication on their accounts.
Apple hasn't yet said anything definitive about how the attacks were carried out, but security researchers at Mandiant, a unit of the security firm FireEye, examined the evidence that has emerged so far, and said it appears to have been was a fairly straightforward attack. That said, it is also one that could have been thwarted had some additional steps to secure the targeted accounts been taken.
That additional step is known as two-factor authentication. Apple calls it "two-step verification," although it doesn't work very hard to tell people about it, said Darien Kindlund, director of threat research at Mandiant.