|Thu Apr 25 2013 09:06:19|
Sellers Raise Question in Wake of Etsy Privacy Breach
By: Ina Steiner
In an email sent to shoppers this week, "Fresh Offerings from Your Favorite Shops," Etsy mistakenly included the names of sellers taken from their credit card information on file. No other credit card information was included in the email.
It's not clear how it happened since all credit card information should be encrypted on Etsy's servers. Sellers are calling into question how safe their information. Wrote one seller, "If this was a simple error due to an engineer's inputting of an incorrect data field (credit card name), then would it also be possible for a similar mistake to be made with a different incorrect data field? In other words, could our credit card numbers just as easily be broadcast in an Etsy marketing email?"
Other reaction included:
"Etsy strikes again. So fun for all the people that do not disclose their names for safety reasons. Helllooooooo Etsy."
"I just got the email, and sure enough the full name of all of the sellers is showing. Middle name and all. I just checked the shops in the email, and they do not have their full names showing. I do like the idea of the email, but I do not like the fact that real names are showing if people chose not to have their full name on their shop."
"I'm also pretty worried. My full name is not disclosed anywhere and I don't want it to be."
"Even the shops who have only a single first name nickname listed are being shown with their full name including an initial. So Dee, if you're in one going out to someone it will show your full name, including your middle initial, not just Dee. Yikes, this is not good."
"I would say the legal ramifications could be quite serious. This isn't a little thing. There are users here on Etsy, I know some from some teams who need to keep their name private due to stalkers and abusive people they are trying to keep in their past. So this is huge mistake on Etsy's part."
Etsy sellers are researching articles and presentations about security to see how such a mistake could have been made. An article about how Etsy uses Big Data from Network World caught their attention and made some sellers uncomfortable about the apparent ease with which programmers could make changes to the site:
"Sifting through data, adjusting page elements, and improving site engagement is standard operating procedure at Etsy, which uses an approach known as continuous deployment. Any of Etsy's 150+ engineers can deploy code to the live site at any time - and that happens 20 to 30 times a day. (Newly hired engineers are encouraged to deploy on their first day on the job.)"
We've got questions in to Etsy - a spokesperson referred me to statements provided by Marc Hedlund, Senior Vice President of Product Development and said she would inform me of additional information she could share this morning, including whether Etsy would notify those sellers who were impacted by the breach.
Details can be found in Thursday's EcommerceBytes Newsflash.