Hackers hitting celebrity targets only getting started, expert warns

The cyberattack that targeted stars such as Jennifer Lawrence and Kate Upton may be just the tip of the iceberg, predicts a security expert, warning that hackers are becoming more sophisticated.

“We’re clearly in a moment where the hackers have momentum,” Ivan Drucker, CEO and founder of New York City-based security firm IvanExpert told FoxNews.com. “In the next few years, I think we’re going to see more and more security breaches of all sorts, including celebrity photos; it occurs to me that the next era of security to deter the hackers has not been developed yet.”

The FBI and Apple are investigating allegations that the online accounts of a number of celebrities were hacked, after naked photos of the stars were posted online. At this stage, however, specific details about the breach are not known.

“The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high-profile individuals, and is addressing the matter,” said the FBI, in a statement emailed to FoxNews.com, adding that “any further comment would be inappropriate at this time.”

Apple has not yet responded to a request for comment on this story by FoxNews.com.

Drucker outlined three possible hacking scenarios that could have resulted in the leaked photos. In the first, hackers may have used viruses or malware installed on computer or a phone to steal passwords. “But it’s unlikely that it could have been on an iPhone, because there’s no evidence of widespread iPhone security compromises yet,” he added.

In the second scenario, Drucker says that hackers could have launched a “brute force attack,” essentially “spraying” iCloud with multiple passwords until they access an account. “That’s why dictionary words are such dangerous passwords, because that’s the first thing that gets targeted in a brute force attack,” he said.

The third possibility would involve vulnerability on Apple’s iCloud servers themselves, according to Drucker. “There’s no way to verify that, but it’s possible that hackers have identified a vulnerability,” added the expert.

Media reports have already discussed a potential weakness in the “Find My iPhone” feature on Apple’s iCloud online storage service, which may have been exploited by a brute force attack. The website Github, which cited the vulnerability, reported on Monday that it had been “patched” by Apple.

Drucker told FoxNews.com that ongoing high-profile data breaches highlight the need for consumers to protect their passwords. “My strong advice to anyone is to use a password management program to ensure that you use a different password for every website,” he said. “It’s no longer about remembering passwords – it’s about having a program to remember passwords for you.”

Recent security breaches have certainly shone a spotlight on this technology. Last month’s report that a Russian crime ring has gained access to more than a billion Internet credentials, for example, raised the profile of password management products such as Dashlane, LastPass, and 1Password.

Drucker said that consumers should also think about using two-factor security authentication when accessing critical online accounts such as iCloud or Gmail. “With this, when you sign on from an untrusted location, it will send a code to your phone – you can only log on with that code,” he explained. “Most of the big providers offer it and will send some form of text to your phone.”

Follow James Rogers on Twitter @jamesjrogers