Do you use Shutterfly?

Online photography platform Shutterfly is the latest high-profile company to fall victim to a hacking attack. The company recently disclosed that in December of last year (2021) they were targeted by the Conti gang, who successfully breached their system and initiated a ransomware attack. The company's breach notification statement was sent to impacted users and filed with the California Attorney General's Office in the aftermath of the attack.


Shutterfly said this about the breach:

"The attacker both locked up some of our systems and accessed some of the data on those systems. This included access to personal information of certain people, including you.

We believe the access occurred on or about December 3, 2021. We discovered the incident on December 13, 2021."

Their statement goes on to say that a large amount of data was stolen, and that it included employee personal information. The information taken included names, addresses, salaries, login credentials for an unspecified number of Corporate Services users, and a wide range of customer information, including at least the last four digits of credit card numbers kept on file.


What should you do to defend your data?

Unfortunately, we don't yet have a good accounting of exactly how many users, employees, or customers may have been impacted by the breach. What is known is that so far, the company has decrypted more than 4,000 devices and more than 120 VMware ESXi servers belonging to Shutterfly. Also, the investigation into the matter is ongoing at this time.

If you are a Shutterfly customer who was impacted by the attack, you've almost certainly received a copy of the official breach notification at this point. If you're a customer and you haven't received one, you may want to reach out to the corporate office to check the status of your account.

Finally, out of an abundance of caution, if you have an account with Shutterfly you should probably change your password right away. If you're using that same password on other web properties, change those too.

My perspective

This will certainly not be the last such incident we hear about in 2022, so stay vigilant out there.


If you are very careful and aware, you can live long and prosper


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.