Pippa Middleton was at the centre of a major security alert last night after a man offered to sell 3,000 photographs of her and her royal relatives for £50,000 (NZ$89,000).
The pictures, which are believed to be genuine, are said to include images of the socialite, 33, at a wedding dress fitting and naked ones of her fiancé, James Matthews, according to The Sun.
The images are also said to include private images of her sister, the Duchess of Cambridge and her and Prince William's children, George and Charlotte.
A box was superimposed over the gown in one of the alleged dress-fitting images, which is said to show Pippa smiling as her mother, Carole, takes pictures on her camera phone in the background.
Another picture appeared to show Carole inside Pippa's church wedding venue - while yet more are said to show Pippa and friends partying.
The anonymous seller - calling themselves 'mas', and also 'Crafty Cockney' - contacted media organisations claiming they had obtained 3,000 private photos from Miss Middleton's Apple iCloud account.
The cyber thief has demanded 'a minimum of £50,000' within 48 hours as of 4pm, September 23, saying: 'This isnt [sic] an auction it will be a simple process of the highest bid.'
The haul apparently includes photos of parties, wedding dresses, royal children '& pretty much everything in between'.
The seller added: 'Due to current climate on privacy laws in the UK I'm intending a quick US sale but would at least give you a heads-up'.
Last night a source close to Miss Middleton confirmed that the pictures appeared to be genuine. A spokesman said: 'Miss Middleton's lawyers have been informed and, in due course, the police will too.'
The seller offered to converse with journalists through the encrypted messenger service Whatsapp.
He or she added: 'This is obviously a vast source of info and pictures that I neither want nor intend to keep in my possession very long.'
The hacker also said they wanted to sell quickly to a British or US magazine - but would offer first refusal to UK buyers as this would ensure a more 'tasteful' publication.
Plan B would be to return the data to Pippa once payment had been made.
The thief told The Sun to register with Jabber - an encrypted instant messaging app -before making contact again last night.
When pressed on the authenticity of the images, conversations with the hacker faltered.
Earlier, he used an intricate message forwarding technique and routed emails via a gardening centre website in Northamptonshire.
Celebrities' private online accounts have frequently been targeted by hackers. Stars including Hunger Games actress Jennifer Lawrence and model Kate Upton became the victims of a mass iCloud theft in August 2014.
It is thought that more than 100 celebrities fell victim to the hack, which resulted in revealing pictures of them being posted online.
Other high-profile figures who have had their online data stolen include Night Manager star Tom Hiddleston, whose Instagram account was hacked last month.
The hackers had control of the star's account for about two hours and shared an image assuring his fans they would eventually return the his account to him.
Facebook founder Mark Zuckerberg was also the victim of an embarrassing hacking scam back in June, after a Saudi-based group discovered his password was 'dadada'.
Miss Middleton became engaged to James Matthews, a hedge fund manager, in July less than a year after they began dating.
The engagement, which is understood to have taken the 33-year-old former party planner completely by surprise, thrilled Kate and William and delighted the Duchess's parents, Michael and Carole. Mr Matthews, 41, asked Mr Middleton for permission for his daughter's hand before popping the question.
Their marriage will place Mr Matthews into the wider family circle that William and Kate have established.
It will also link them to the celebrity world of James's brother Spencer, who appears on Made In Chelsea.
How to protect your iCloud from hackers
It is possible for users to enhance the security of their documents by turning off iCloud through Settings > iCloud on their device when they are not using it.
They can also turn on two-step verification for their iCloud account.
The tool prevents people accessing accounts - even if they have the password.
To set up two-step verification, go to My Apple ID.
Select Manage your Apple ID and sign in, then select Password and Security.
Under Two-Step Verification, select Get Started and follow the onscreen instructions.
When a user sets up two-step verification, they register one or more trusted devices.
A trusted device is one that can receive 4-digit codes using either SMS or Find My iPhone.
Once enabled, any time a user signs in to manage their Apple ID at My Apple ID, or make an iTunes, App Store, or iBooks Store purchase from a new device, they'll need to verify their identity by entering both their password and a 4-digit verification code.