Shutterfly, Discovery, AMC Theatres named in MOVEit attacks


Cybernews confirms Shutterfly as one of the latest victims impacted in the far-reaching hacks of the MOVEit file transfer system. Warner Bros. Discovery and AMC Theatres are also named.

Shutterfly INC was named Thursday as part of the latest batch of victims to be outed by the Russian-affiliated Cl0p ransomware group.

Shutterfly’s Vice President of Communications, Jennifer George, confirmed to Cybernews that the photo and gift company had been impacted. Still, it appears that no customer data was compromised in the attack.

“Shutterfly’s enterprise business unit, Shutterfly Business Solutions (SBS), has used the MOVEit platform for some of its operations,” Shutterfly said in a statement sent directly to Cybernews.

“Upon learning of the vulnerability in early June, the company quickly took action, taking relevant systems offline, implementing patches provided by MOVEit, and commencing a forensics review of certain systems with the assistance of leading forensic firms,” the statement continued.

“After a thorough investigation with the assistance of a leading third-party forensics firm, we have no indication that any Shutterfly.com, Snapfish, Lifetouch, nor Spoonflower consumer data nor any employee information was impacted by the MOVEit vulnerability,” it said.

Shutterfly MOVEit attacks

The California-based company was founded in 1999 as a digital photo storage platform and has evolved to be a global marketplace for a wide array of custom photo gifts.

Shutterfly is the parent company of online brands Snapfish, Lifetouch professional photography services, BorrowLenses equipment rental, Spoonflower e-marketplace, and Shutterfly Business Solutions.

Meantime, Warner Bros. Discovery and AMC Theatres have also been added to the Cl0p ransom gang’s ever-growing list of MOVEit victims – currently tallied at around 150 victims named.

Cybernews has reached out to both entertainment companies and is awaiting a response.

Cl0p and the MOVEit attacks

The Russian-linked Cl0p ransom gang claimed responsibility for exploiting a zero-day flaw in the MOVEit file transfer system on their dark leak site June 14th.

The gang began slowly leaking the names of victims unwilling to negotiate, starting on June 15th.

The Moveit Transfer system is made and distributed by the American software company Progress. It's estimated that thousands of companies use the system around the world to securely send and receive files.

Earlier this week, Cybernews confirmed the MOVEit attacks had impacted ING Bank, as well as three other major European banks, including Deutsche Bank and Postbank.

Choice Hotels’ Radisson Americas chain, Honeywell, and Crowe accounting advisory firm also reported to Cybernews a loss of customer data this week.

Other recent MOVEit victims include PWC, Ernst & Young, Sony, Siemens Energy, the NYC Department of Education, and Shell Global, the first victim to be named by Cl0p on June 14th.

Several US federal agencies, including the Department of Energy and Health, were impacted, prompting US officials to issue a $10 Million dollar bounty on the Cl0p gang.

Cl0p also made headlines in March, claiming responsibility for another zero-day attack exploiting the similar Go Fortra Anywhere file management system affecting roughly 120 companies worldwide.

It is thought the number of MOVEit victims will be at least double that of the Go Anywhere hacks.