2023-07-14 21:23:14
Photography service provider Shutterfly is one of the latest companies to fall prey to Clop ransomware, though the company insists that consumer and staff data is not at risk. Operators of Clop ransomware have exploited key vulnerabilities in the widely used MOVEit file transfer application to gain access to the computer networks of hundreds of companies, many of which are leaders in their respective industries.
Massive California-based photo provider Shutterfly has become the latest victim of the data breach site run by Clop. The firm operates a number of other brands in addition to Shutterfly.com. Some examples of these brands are Spoonflower, Snapfish, Lifetouch and Shutterfly Business Solutions (SBS).
This week, the Clop ransomware group posted a blog claiming that “the company doesn’t care about its customers [y] he ignored his safety.”
However, in a statement, a Shutterfly spokeswoman strongly disagrees with this assessment.
“Shutterfly can confirm that it was one of several companies made vulnerable by the MOVEit flaw. According to the person who spoke to the cyber news site, Shutterfly’s enterprise business arm known as Shutterfly Business Solutions (SBS) has used the MOVEit platform for part of its operations.
“As soon as the company became aware of the vulnerability in early June, it moved quickly to take action. They immediately took the relevant systems offline, implemented patches provided by MOVEit, and initiated a forensic review of certain systems with the help of leading forensic firms.”
“After conducting an in-depth investigation with the assistance of a leading third-party forensics firm, we have no indication that any Shutterfly.com, Snapfish, Lifetouch or Spoonflower consumer data or any employee information was affected by the breach. MOVEit vulnerability. said the spokesman. “Consumer data from Shutterfly.com, Snapfish, Lifetouch, and Spoonflower were also unaffected by the MOVEit vulnerability.”
It is not clear what information Clop intends to use to blackmail the image giant. If Shutterfly has determined that the customer’s data is safe, then the only thing Clop can use as leverage is their intellectual property, as long as they’ve managed to get something. Every week, the number of companies whose systems have been compromised by Clop due to unpatched MOVEit instances is increasing. MOVEit developer Progress Software issued a warning in June that its file transfer platform included a total of three vulnerabilities that malicious actors could exploit. The company makes multiple resources available to IT administrators to thwart threats.
Cyber security enthusiast. Information security specialist, currently working as a risk infrastructure specialist and researcher.
Experience in risk and control processes, security audit support, COB (business continuity) design and support, work group management and information security standards.
Send news tips to [email protected] or www.instagram.com/iicsorg/.
You can also find us on Telegram www.t.me/noticiasciberseguridad
#Shutterfly #photography #image #sharing #company #hacked #ransomware