Reversible data hiding in encrypted images has recently emerged as an effective approach to embed and extract a message in the encrypted domain and losslessly recover the host data while maintaining its confidentiality through encryption. That is, the data hider can embed and extract additional data without knowing the image. This approach can be used in cloud applications where the service provider, i.e., the data hider, is not authorized to access the visual content of the host data for security and privacy purposes. Most existing techniques that have been reported in the literature apply a bit-wise encryption method, also known as the stream cipher, prior to data hiding. However, because of the spatial redundancy that characterizes natural images, the security of such an encryption could be compromised. This work is the first one that analyzes reversible data hiding in encrypted images from a security perspective. It proposes a Ciphertext-Only Attack (COA) and highlights the weakness of current state-of-the-art data hiding systems in the encrypted domain. We particularly show how the data hider can break the security of the encryption system and consequently discloses the visual content of encrypted images. Finally, possible solutions to combat COA with existing systems are discussed.