From tinyprints:
Recently, we detected a criminal cyber-attack on our Tiny Prints, Treat, and Wedding Paper Divas websites, which may have exposed the email addresses and encrypted passwords used by our customers to login to their accounts. We encrypt customer credit and debit card information, and we have no evidence that such information was compromised.
As a precautionary measure, and to ensure the security of your information, we encourage you to change your password for your Tiny Prints, Treat, and Wedding Paper Divas accounts.
If you use the same password on any other websites, we also encourage you to change the password for those accounts.
The safety and security of your information is very important to us. Upon learning about the issue, we immediately started taking steps to further protect your information. We are working with leading security experts to investigate and improve the security of our systems, and we are working with federal law enforcement to assist their investigation of the incident.
We apologize for any inconvenience or concern this may cause. We know you trust us with your personal information and we take our commitment to providing you with a safe experience very seriously.
Sincerely,
The Tiny Prints team
via CSO
Update: Shutterfly notified the California Attorney General’s Office of the breach. According to the metadata, the breach was discovered on November 18.