Shutterfly hit by a Conti ransomware attack

Shutterfly, an online platform for photography and personalized products, has been affected by a ransomware attack.

Shutterfly, is American photography, photography products, and image sharing company that owns multiple brands such as BorrowLenses, GrooveBook, Lifetouch, Shutterfly, Snapfish, Spoonflower, and Tiny Prints.

The service allows users to create personalized photo gifts such as smartphone cases, photo books, wall art, and home décor).

The ransomware attack compromised parts of its network, including manufacturing and corporate systems. As a result of the attack, thousands of systems have been infected with ransomware and threat actors stole corporate data.

Shutterfly.com, Snapfish, Spoonflower, and TinyPrints websites were not affected by the security breach.

“Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions.” reads the statement issued by the company. “As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.”

According to BleepingComputer, Shutterfly systems were infected with Conti ransomware who claims to have encrypted over 4,000 devices and 120 VMware ESXi servers. The ransomware gang set up a private data leak page containing screenshots of files allegedly stolen from Shutterfly.

The security breach took place two weeks ago and the company is still working to restore operations with the help of third-party cybersecurity experts.

The good news is that the security breach did not impact the financial information or social security numbers of the customers.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]