An unfortunate circumstance but like most things online it's not immune to hacking with hackers trying to exploit these sites daily. But as stated by ShapeShift, their platform is designed to protect customer funds in events like these so it would seem that only their company funds may have been taken.
Since they were not like the traditional exchange, there was no way for hackers to steal user's funds as the funds would only remain on the exchange for the time the exchange (shift) took place, which usually required one confirmation in most cases. But as mentioned it must have affected some when they took down the exchange or when the hot wallets required to complete the shift were emptied by hackers.