Photography company Shutterfly impacted by Clop's exploitation of MOVEit Transfer vulnerability

American photography, photography products, and image-sharing company Shutterfly said it suffered a cyber security incident as a result of hackers exploiting a critical vulnerability in the MOVEit Transfer web application.

Earlier this year, US company Progress Software said that threat actors found a way to exploit a zero-day SQL vulnerability in the Moveit Transfer web application.  This enabled the hackers to exfiltrate data from the web application. Hundreds of organisations worldwide use the Moveit Transfer application to send and receive files securely.

Recently, the Clop ransomware gang, which claimed responsibility for exploiting the SQL vulnerability in the Moveit Transfer web application, listed Shutterfly as a victim alongside hundreds of other organisations on its dark web site.

Acknowledging the claims of the threat actors, a Shutterfly spokesperson told BleepingComputer that the Clop ransomware group’s claim was accurate. “Shutterfly can confirm that it was one of the many companies impacted by the MOVEit vulnerability. Shutterfly’s enterprise business unit, Shutterfly Business Solutions (SBS), has used the MOVEit platform for some of its operations,” the spokesperson said.

They added that as soon as the security incident was identified in early June, “the company quickly took action, taking relevant systems offline, implementing patches provided by MOVEit, and commencing a forensics review of certain systems with the assistance of leading forensic firms.”

While the company did not state whether any ransom was demanded by the threat actors or if any data was taken from its systems, it did say that customer and employee data were safe and weren’t affected by the data breach.

“After a thorough investigation with the assistance of a leading third-party forensics firm, we have no indication that any Shutterfly.com, Snapfish, Lifetouch nor Spoonflower consumer data nor any employee information was impacted by the MOVEit vulnerability,” the spokesperson added.

More than 280 organisations worldwide have so far been affected by the exploitation of the zero-day vulnerability in the MOVEit Transfer web application. Earlier this month, Choice Hotels, the parent company of global hotel chain Radisson Hotels, said it used the Moveit Transfer web application and became a victim when the vulnerability was exploited by hackers.

In a statement shared with the media, the company said, “Unfortunately, we have confirmed that MOVEit software, from our vendor, had a vulnerability that was exploited by bad actors, resulting in data breaches affecting many of their customers, including Radisson Hotels Americas.”

American National Insurance Company, one of the largest insurance providers in the U.S.,  also said that Progress Software is one of its service providers and the company has already launched an investigation to determine if any data has been accessed by the infamous Clop ransomware group.