Cybernews confirms Shutterfly as one of the latest victims impacted in the far-reaching hacks of the MOVEit file transfer system. Warner Bros. Discovery and AMC Theatres are also named.
Shutterfly INC was named Thursday as part of the latest batch of victims to be outed by the Russian-affiliated Cl0p ransomware group.
Shutterfly’s Vice President of Communications, Jennifer George, confirmed to Cybernews that the photo and gift company had been impacted. Still, it appears that no customer data was compromised in the attack.
“Shutterfly’s enterprise business unit, Shutterfly Business Solutions (SBS), has used the MOVEit platform for some of its operations,” Shutterfly said in a statement sent directly to Cybernews.
“Upon learning of the vulnerability in early June, the company quickly took action, taking relevant systems offline, implementing patches provided by MOVEit, and commencing a forensics review of certain systems with the assistance of leading forensic firms,” the statement continued.
“After a thorough investigation with the assistance of a leading third-party forensics firm, we have no indication that any Shutterfly.com, Snapfish, Lifetouch, nor Spoonflower consumer data nor any employee information was impacted by the MOVEit vulnerability,” it said.
The California-based company was founded in 1999 as a digital photo storage platform and has evolved to be a global marketplace for a wide array of custom photo gifts.
Shutterfly is the parent company of online brands Snapfish, Lifetouch professional photography services, BorrowLenses equipment rental, Spoonflower e-marketplace, and Shutterfly Business Solutions.
Meantime, Warner Bros. Discovery and AMC Theatres have also been added to the Cl0p ransom gang’s ever-growing list of MOVEit victims – currently tallied at around 150 victims named.
Cybernews has reached out to both entertainment companies and is awaiting a response.
Cl0p and the MOVEit attacks
The Russian-linked Cl0p ransom gang claimed responsibility for exploiting a zero-day flaw in the MOVEit file transfer system on their dark leak site June 14th.
The gang began slowly leaking the names of victims unwilling to negotiate, starting on June 15th.
The Moveit Transfer system is made and distributed by the American software company Progress. It's estimated that thousands of companies use the system around the world to securely send and receive files.
Cl0p also made headlines in March, claiming responsibility for another zero-day attack exploiting the similar Go Fortra Anywhere file management system affecting roughly 120 companies worldwide.
It is thought the number of MOVEit victims will be at least double that of the Go Anywhere hacks.
More from Cybernews:
Subscribe to our newsletter