Etsy issued an unusual warning to users on Tuesday about site security – it appears the hackers who compromised eBay’s user database are hijacking Etsy user accounts, most likely in cases where members used the same password on both marketplaces.
“Over the last few days, Etsy’s security and risk teams have been tracking an increased volume of spam in convos,” Etsy explained.
“If you have been following the news recently, you may have seen that a number of high-profile websites have suffered security incidents. We recognize that some Etsy members use the same usernames and passwords across multiple sites, and that they may be victims of the recent attacks aimed at other websites.”
Etsy said it had no indication that it had suffered any compromise. “We currently believe that the uptick in convo spam that we are seeing is a direct result of usernames and passwords stolen in other attacks being used to log in to some Etsy members’ accounts, but we want you to know that your financial and credit card information has not been compromised.”
Michael Rembetsy, Etsy Vice President of Technical Operations, shared recommendations for how users could keep their accounts secure:
- Change your password to a new, secure password. You should do this any time another site you use is found to have been compromised, especially if you’re using the same username or password elsewhere.
- Enable two-factor authentication, which adds an extra measure of security in addition to your password.
- Enable sign-in notifications if you are concerned about unwanted activity on your account. If Etsy detects anyone signing in to your account from a new browser or device, you will get an email notification. And if you are signing in via a new browser or device, you’ll be given the option to add it as a trusted device.
He linked to more information on how to accomplish those steps; the full warning is available in an Etsy blog post.
Finally, Rembetsy warned users to be cautious when receiving “convos,” Etsy slang for user-to-user messages, and to be wary of following any links they may contain.