{ "id": "6e12aaa3-9238-46bc-bca9-e7ee80a8af4f", "created_at": "2026-04-06T00:17:05.809544Z", "updated_at": "2026-04-10T03:24:29.737124Z", "deleted_at": null, "sha1_hash": "2e0765e143ebbcd087deed36c7aa9206170562c7", "title": "Shutterfly says Clop ransomware attack did not impact customer data", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1974769, "plain_text": "Shutterfly says Clop ransomware attack did not impact customer data\r\nBy Ax Sharma\r\nPublished: 2023-07-14 · Archived: 2026-04-05 15:38:11 UTC\r\nShutterfly, an online retail and photography manufacturing platform, is among the latest victims hit by Clop ransomware.\r\nOver the last few months, Clop ransomware gang has been exploiting a vulnerability in the MOVEit File Transfer utility to\r\nbreach hundreds of companies to steal their data and attempt extortion against them.\r\nShutterfly offers photography-related services to consumers, the enterprise, and education through various brands,\r\nincluding Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch.\r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-says-clop-ransomware-attack-did-not-impact-customer-data/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-says-clop-ransomware-attack-did-not-impact-customer-data/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nDuring ransomware attacks, threat actors will gain access to a corporate network and steal data and files as they spread\r\nthroughout the system. Once they gain access to a Windows domain controller, and after harvesting all valuable data, they\r\ndeploy their ransomware to encrypt all network devices.\r\nShutterfly: customer and employee data safe\r\nThis week, Clop ransomware gang published Shutterfly's name on its data leak site, among other companies it has targeted,\r\nlargely via the MOVEit SQL Injection vulnerability, tracked as CVE-2023-34362.\r\nClop lists Shutterfly on its data leak site (BleepingComputer)\r\n\"Shutterfly can confirm that it was one of the many companies impacted by the MOVEit vulnerability. Shutterfly's\r\nenterprise business unit, Shutterfly Business Solutions (SBS), has used the MOVEit platform for some of its operations,\"\r\nconfirmed a Shutterfly spokesperson to BleepingComputer.\r\n\"Upon learning of the vulnerability in early June, the company quickly took action, taking relevant systems offline,\r\nimplementing patches provided by MOVEit, and commencing a forensics review of certain systems with the assistance of\r\nleading forensic firms.\"\r\nThe company did not comment on how much was the ransom demand but states that customer and employee data are safe.\r\n\"After a thorough investigation with the assistance of a leading third-party forensics firm, we have no indication that that\r\nany Shutterfly.com, Snapfish, Lifetouch nor Spoonflower consumer data nor any employee information was impacted by the\r\nMOVEit vulnerability.\"\r\nIn March 2022, Shutterfly had disclosed being hit by a Conti ransomware attack that occurred in December 2021. At the\r\ntime of that attack, a source informed BleepingComputer that Conti had encrypted over 4,000 devices and 120 VMware\r\nESXi servers belonging to Shutterfly.\r\nHundreds impacted by MOVEit vulnerabilities\r\nIn June, Clop told BleepingComputer that by exploiting this flaw, it had breached servers belonging to \"hundreds of\r\ncompanies\" to steal data, which is evident from a significant number of organizations that have thus far disclosed being\r\nbreached in Clop's MOVEit hacking spree.\r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-says-clop-ransomware-attack-did-not-impact-customer-data/\r\nPage 3 of 5\n\nSome prominent names like the British multinational oil and gas company, Shell, Deutsche Bank, the University of Georgia\r\n(UGA) and University System of Georgia (USG), UnitedHealthcare Student Resources (UHSR), Heidelberger Druck, and\r\nLandal Greenparks—have since confirmed to BleepingComputer that they were impacted in the attacks.\r\nOther organizations that have already disclosed MOVEit Transfer breaches include Zellis (and its customers BBC, Boots,\r\nAer Lingus, and Ireland's HSE), Ofcam, the government of Nova Scotia, the US state of Missouri, the US state of Illinois,\r\nthe University of Rochester, the American Board of Internal Medicine, BORN Ontario, SOVOS [1, 2], and Extreme\r\nNetworks.\r\nEarlier, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also revealed that several U.S. federal agencies\r\nhad been breached, per a CNN report. Two U.S. Department of Energy (DOE) entities were also compromised, according\r\nto Federal News Network.\r\nIn June, MOVEit Transfer customers were urged to remediate a separate SQL Injection flaw (tracked as CVE-2023-35708),\r\nPoC exploits for which had surfaced online.\r\nLast week, MOVEit resolved yet another critical SQL Injection flaw (tracked as CVE-2023-36934) and warned customers to\r\npatch their applications.\r\nCustomers using the MOVEit File Transfer utility should ensure their instances are up to date and watch out for any new\r\nvulnerabilities that could be exploited in the wild.\r\nBleepingComputer continues to monitor and cover incidents as well as vulnerability advisories related to the program.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-says-clop-ransomware-attack-did-not-impact-customer-data/\r\nPage 4 of 5\n\nSource: https://www.bleepingcomputer.com/news/security/shutterfly-says-clop-ransomware-attack-did-not-impact-customer-data/\r\nhttps://www.bleepingcomputer.com/news/security/shutterfly-says-clop-ransomware-attack-did-not-impact-customer-data/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/shutterfly-says-clop-ransomware-attack-did-not-impact-customer-data/" ], "report_names": [ "shutterfly-says-clop-ransomware-attack-did-not-impact-customer-data" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434625, "ts_updated_at": 1775791469, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/2e0765e143ebbcd087deed36c7aa9206170562c7.pdf", "text": "https://archive.orkl.eu/2e0765e143ebbcd087deed36c7aa9206170562c7.txt", "img": "https://archive.orkl.eu/2e0765e143ebbcd087deed36c7aa9206170562c7.jpg" } }