Tiny Prints, a cardstock vendor and part of Shutterfly Inc.'s brand portfolio, revealed that its systems were compromised in an attack that exposed user email addresses and encrypted passwords.
In its release, Tiny Prints wrote that the attack targeted its main site, as well as Shutterfly Inc.'s Treat and Wedding Paper Divas sites. The company encrypts customers' credit and debit card information and doesn't believe that it was affected.
Although no attackers have been identified, the company is coordinating with federal law enforcement to investigate the incident. Users were notified through email to change their passwords. A web page is also being built to address the attack and provide potential actions for users.
Outside forensic experts are providing insight into the security lapse.[An earlier version of this article incorrectly referred to Tiny Prints as the owner of Shutterfly, rather than being part of Shutterfly Inc.'s brands.]