data breachShutterfly, an online photography platform, is the latest victim of a hacking attack. Recently, the company disclosed that they were attacked by the Conti gang in December last year (2021). In the aftermath of the attack, the company's breach notification was sent out to affected users. It was also filed with the California Attorney General's Office.

The following is a part of their statement:

"The attacker both accessed data and locked some of our systems. This allowed the attacker to access personal information, including yours."

The access was likely to have occurred around December 3, 2021. The incident was discovered on December 13, 2021."

The statement further states that large amounts of data was stolen and that employees personal information was included. Names, addresses, salaries, login credentials, login credentials for unspecified numbers of Corporate Services users and a wide variety of customer information, including the last four digits credit card numbers, were some of the data stolen.

We don't have an accurate accounting of how many customers, employees, and users were affected by the breach. The company has so far decrypted over 4,000 devices and 120VMware ESXi server belonging to Shutterfly. The investigation is still ongoing.

Shutterfly customers who were affected by the attack will almost certainly have received a copy the official breach notice. If you are a customer, and have not received one yet, you might want to contact the corporate office to verify your account status.

Last but not least, you should change your password immediately if you have an Shutterfly account. You should also change your passwords on other websites if you are using the same password.

Fake Work from Home Opportunities are Phishing for Data

phishing emailIt is no secret that the pandemic has changed the way the world works. Many millions are working remotely, with many more considering it a possibility.

Unfortunately, scammers and hackers have also altered the types of opportunities they are looking for because of the pandemic. It's not surprising that they have begun to target work-from-home opportunities.

According to Proofpoint researchers, this is how a typical campaign looks.

Worldwide, an average of 4000 phishing email per day are sent to victims. While the majority of recipients are located in the United States, phishing emails are also being sent to people living in Australia and Europe.

Over 95 percent of attacks target email addresses linked to universities and colleges. As a first step, attackers hack into university databases to obtain email addresses. Or they leverage a previous breach to buy the data on Dark Web.

Although the exact lure may vary from campaign to campaign, it is always the same: "We're hiring X amount of remote workers to perform this!" The job description is then included with an attachment or embedded link.

If you click the link or open the file, you will be presented with capture boxes that collect login information and other personal details. You can bet that any information you provide to hackers/scammers will be used against you. FBI statistics show that the average loss to victims of fraud in employment is approximately $3,000.

Although it may not be life-threatening, it is still painful. These types of attacks are increasing in post-pandemic countries. Make sure your family and friends are aware.

This is not the first such incident in 2022. So be vigilant. Integrated Technology Systems is here to help you keep your data secure.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017