How do you track down 21,000 copies of one hacked nude photo?

Over the weekend, private nude photos of celebrities including Kim Kardashian, Amber Heard and Gabrielle Union were leaked onto the aggregator sites 4Chan and Reddit.

These followed an August hack in which nude photos of Kate Upton, Jennifer Lawrence and others were leaked. Several stars retained attorneys, and the FBI said they were investigating the matter.

“Years ago, we didn’t lock our doors but nowadays we have locks and cameras and take personal responsibility for our safety and privacy," said Bruce Anderson, CEO/Co-founder Cyber Investigation Services, LLC. "In terms of cyber security, we have to be personally responsible. You can’t assume everything is safe.”

Not even close. Anderson’s company is working with one celeb who was targeted in the first round of the massive picture hack and had her personal images distributed over 21,000 times on the web.

“For our celebrity client, we’re hoping to find where these pictures are posted and we’re working with their attorneys to serve notices to have their pictures taken down," he said.

More On This...

    But it’s still unclear who is behind the hack.

    "Right now, it’s a wide-open case," said Anderson. "The FBI may have better ideas, but will stay quiet in order to catch them.”

    The FBI told FOX411 its "investigation into alleged computer intrusion/theft is ongoing," but would give no details. Cyber security experts did, however, tell us what law enforcement may be doing behind the scenes, and what -- if anything -- can be done to stop cyber criminals.

    “In any typical hack like this, the FBI will go backwards: who is logged into what, what IP addresses are connected to the account, if it is a hacking through the iCloud itself," said  Anderson. “The hack came from guessing of credentials of celebrities, so that is what is most likely. It doesn’t appear to be a glitch in the iCloud security system.”

    Still, since the first apparent hack, Apple has introduced stronger security procedures. But they don't work if you don't use them.

    “Apple's new two-factor authentication for iCloud is opt-in, so people not using this remain as vulnerable as before,” said Brady Myers, cybersecurity expert at Feint.Co. “Until September 16, Apple didn’t have two factor authentication available for iCloud – only for Apple ID (used to make iTunes purchases).”

    According to Myers, two factor authentication (sometimes abbreviated 2FA) “requires a user to supply a secondary token (usually in the form of a code texted to their phone) along with their account’s username and password when logging in.”

    Four4Four: Inside the celeb nude pic scandal