Ina Steiner EcommerceBytes Blog
News and insight focusing on ecommerce.
by Ina Steiner, Editor of EcommerceBytes.com
Thu Apr 25 2013 09:06:19

Sellers Raise Question in Wake of Etsy Privacy Breach

By: Ina Steiner

Sponsored Link

In an email sent to shoppers this week, "Fresh Offerings from Your Favorite Shops," Etsy mistakenly included the names of sellers taken from their credit card information on file. No other credit card information was included in the email.



It's not clear how it happened since all credit card information should be encrypted on Etsy's servers. Sellers are calling into question how safe their information. Wrote one seller, "If this was a simple error due to an engineer's inputting of an incorrect data field (credit card name), then would it also be possible for a similar mistake to be made with a different incorrect data field? In other words, could our credit card numbers just as easily be broadcast in an Etsy marketing email?"

Other reaction included:

"Etsy strikes again. So fun for all the people that do not disclose their names for safety reasons. Helllooooooo Etsy."

"I just got the email, and sure enough the full name of all of the sellers is showing. Middle name and all. I just checked the shops in the email, and they do not have their full names showing. I do like the idea of the email, but I do not like the fact that real names are showing if people chose not to have their full name on their shop."

"I'm also pretty worried. My full name is not disclosed anywhere and I don't want it to be."


"Even the shops who have only a single first name nickname listed are being shown with their full name including an initial. So Dee, if you're in one going out to someone it will show your full name, including your middle initial, not just Dee. Yikes, this is not good."

"I would say the legal ramifications could be quite serious. This isn't a little thing. There are users here on Etsy, I know some from some teams who need to keep their name private due to stalkers and abusive people they are trying to keep in their past. So this is huge mistake on Etsy's part."


Etsy sellers are researching articles and presentations about security to see how such a mistake could have been made. An article about how Etsy uses Big Data from Network World caught their attention and made some sellers uncomfortable about the apparent ease with which programmers could make changes to the site:

"Sifting through data, adjusting page elements, and improving site engagement is standard operating procedure at Etsy, which uses an approach known as continuous deployment. Any of Etsy's 150+ engineers can deploy code to the live site at any time - and that happens 20 to 30 times a day. (Newly hired engineers are encouraged to deploy on their first day on the job.)"

We've got questions in to Etsy - a spokesperson referred me to statements provided by Marc Hedlund, Senior Vice President of Product Development and said she would inform me of additional information she could share this morning, including whether Etsy would notify those sellers who were impacted by the breach.

Details can be found in Thursday's EcommerceBytes Newsflash.




Comments (26) | Leave Comment | Permalink

Readers Comments

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: StayClassy This user has validated their user name.

Thu Apr 25 10:03:21 2013

I wish I could say I am surprised, but this is repeat behavior. Chad Dickerson brags about their programmers having unfettered access to live code from day one, hour one of employment. It is worrisome that this may also include the janitor. To Etsy I wanted to say one thing- ''Reported''

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

This user has validated their user name. by: Sandymenu

Thu Apr 25 10:47:43 2013

Once a CEO, Employee or site expresses regret which in this blog case} We sincerely apologize

then this would be a public receipt for valid individual or class action lawsuit.

It just takes ONE privacy error to ruin ONE person (buyer/seller) online.

This is 100% Unacceptable and there is no excuse.

I no longer offer their own Etsy Pay option nor do I recommend it due to my own experiences.

I do not/will not:

1) Sign Up to Pay Your Bill Automatically
2) Sign Up to accept their Etsy Pay or Gift card option

STICK to PayPal or OTHER Pay options because I had a buyer contact me informing item not received after paying with their own Etsy Shop Pay. What happened is Etsy sent me their OLD registration address instead of what the buyer had on Payment file. Etsy (without waiting for seller reply) automatically advised ''Suspension next if not delivered''.

I refunded buyer, tracking showed received and provided to Etsy and they closed the case as delivered and permitted buyer not to repay item.

Etsy then followed up (some dumb kid) and said ''sorry for our mistake. You case is successfully closed'' and that was it!

Had I offered only PayPal, then this mess would have been resolved as delivered to address provided by PP.

Once they (any CEO or site) blame it on a bug or glitch then that's your clue to know} its a LIE!

I've got vintage waffles to cook now!

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: cookiepuss This user has validated their user name.

Thu Apr 25 12:32:18 2013

Marc says that the actual cc numbers aren't available to programmers as they are stored in a different place. (tho i didn't notice him saying that any other personal info is stored with those cc numbers) Makes no sense that the numbers would be one place and the names on the cc would be in another. So, did the programers hook into the area where the billing info is stored in the super secret secure area, or did they hook into the not so secure billing info database? Bullpucky. I don't believe for a second that Etsy stores member names (as they appear on cc) one place and the rest of the billing info in another. More likely these are all stored together, each in its own field within our profile. Someone hit a wrong button or wrote a wrong code and bingo, cc names replace shop names in a marketing email. As far as I'm concerned, it could have been cc numbers, billing histories or addresses just as easily.

These people seem to play pretty fast and loose with member info then say 'oops' and move on to the next needless experiment. Etsy needs to decide whether it wants to be an ecommerce site or a tech lab.

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

This user has validated their user name. by: Sandymenu

Thu Apr 25 13:20:45 2013

@ cookiepuss, I feel your Bullpucky moments and understand your input. Thank you!

Every seller has their OWN story to share whether it be good/ bad/ ugly. I'm just sharing ''my situation'' so that ''if'' it should/did happen to others then at least they may decide what works best for them.

INA puts these blogs as a very helpful tool to not only bring awareness into play but to educate and absorb ones opinion about the topic PLUS any (if any) added information to share as I and the 2 others above me have.

It is VERY IMPORTANT that selling-site owners start to realize:

1. Sellers work VERY HARD for various reasons to create ads with a site. Buying items, cleaning/photographing images/cropping/List to Sell/etc/etc/etc...

It is not an easy task but MOST would agree that it requires careful LABOR in order to get it ready for market.

2. Selling sites remind us that, we only get ONE CHANCE to get it right but we're here to remind selling site owners that while they're enjoying their daily soda pop and ping pong luncheons and after hour leisure in a comfortable way, this is because it is the SELLERS that handed you a paycheck!

4. Without sellers, there would be NO buyers!

Here's wishing MOST FITS ALL the best of good luck within this new programming excuse called: glitch!

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

This user has validated their user name. by: Forestt

Thu Apr 25 14:32:16 2013

Etsy is baby eBay. Same story, different bat channel. 'nuff said.

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: Patricia This user has validated their user name.

Thu Apr 25 15:42:32 2013

More and more I am believing that Etsy hired some of Ebay's cast offs....what is there about privacy they cannot seem to understand and WHAT were they doing mucking around in credit card information then saying OOPS!

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: Patricia This user has validated their user name.

Thu Apr 25 15:44:33 2013

These people stopped my Etsy account because I would not give them CC information.  They were paid faithfully and completely for years from my Paypal account.  Should they ever leak out my CC information I'll sue the GD pants off them!

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: Watching the Wheels This user has validated their user name.

Thu Apr 25 16:25:32 2013

Everyone should bring their concerns to Jim Breyer. He's one of the later investors with a sizeable amount of $$$$ on the table.

He is with Accel investments, and his email is:

jbreyer@accel.com

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: Cat This user has validated their user name.

Thu Apr 25 20:45:33 2013

Oh please, I was barely on Etsy for six months before I received an email from them stating that my private information was leaked for a period of time for all to see.
S-o-r-r-y.
So am I surprised? This is now the third time for Etsy, that I know of, leaking sellers private info.

What do you expect from a site who's CEO proudly proclaims that, ''Any of Etsy's 150+ engineers can deploy code to the live site at any time - and that happens 20 to 30 times a day.''

Who the hell does this? What other site on the planet allows this? Chad, Etsy CEO is proud to call his people hackers, who when they screw up the site get a knitted 3 arm sweater as a gift. Big joke for Etsy employees. Not such a big joke for the sellers who have to put up with the constant mind boggling, head scratching tweaking and changes, that never ever stop on this site. Never!
Oh, did I mention ''NEVER EVER''!

To bad for sellers loosing money while these arrogant twenty somethings play with the site like a video game and sellers loose there likelihoods.

Try running a business on a site that is under constant construction, under constant changes, under constant tests (where by the way, the sellers are used with out permission as lab rats).

They don't care that they are wasting your time and money during these changes or how it affects your shop. They don't care that every so many weeks or months your shop flat lines, because of the constant tweaking and interference from these programmers?
They tell you that ''yes we are aware that these changes have left out this segment of sellers or have hurt this here segment of sellers''.  ''But not to worry, because some where down the road we will change something else that in all probability will screw the segment of sellers we just helped.''

Don't quit your day job people, it takes a line of code on Etsy to wipe you out for weeks and just as you find another way back to show and sell your wares, they do something else and your back to where you started. These changes are none stop for sellers on Etsy. Everybody is sick and tired of it.

The big wigs at Etsy and there programmers and engineers let there egos's get in their way. They think they can do no wrong even if it screws there sellers livelihoods.

Now again this privacy breach, they are now hiding behind and telling the sellers that ''its a bug''. Yeah right!
Try its a programmer, he will likely get a knitted 3 arm sweater and everybody with an IQ over 85 knows it.

Yeah, thanks again for helping your sellers Etsy. Nice job as always.










 

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: cookiepuss This user has validated their user name.

Thu Apr 25 20:48:30 2013

This comment has turned up a few times in the long Etsy thread on the topic:
"This is sorta unrelated but related so I wanted to share.
When etsy sent out the Captain Quarters packages back at Christmas they also used this card info for the billing address. Or that's what I assume as the package was addressed to my husband whom even though he is a member of my shop his actual name is not anywhere on the site itself and even though we joked about it, it is still slightly offensive that it was sent to him and not to our shop name instead or name associated with the shop.
It really wasn't a big deal just saying that I would of been more flattered if it were sent to the shop and/or related to my shipping address here on etsy and not card info pulled from paypal or from when I created this acct as those were the only places I could figure his name to be listed.
Back to how this is related is that Etsy has access to this info and really shouldn't ever be using except if there is non payment issues."

Interesting, eh?

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: cookiepuss This user has validated their user name.

Thu Apr 25 20:58:04 2013

"They don't care that they are wasting your time and money during these changes or how it affects your shop. They don't care that every so many weeks or months your shop flat lines, because of the constant tweaking and interference from these programmers?"

Exactly, Cat. Not only do they seem to have a total disregard for the sellers, the sellers are helping to subsidize the very changes which are impacting their bottom line via listing fees.

A number of people have suggested that Etsy set up a duplicate, closed site for the programmers to work on so as not to disrupt the main site. But, why would they do that? They are free to screw up the main site. Plus, they don't have to spend any of that precious VC money on something that won't turn a profit.

I really think that's the reason Etsy doesn't give sellers many of the things they've been asking for over the years, like more categories. Why bother? Sellers will make do with what they're given; why spend money on things that don't have any cash return value for the company?  

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: WhoKnewIt This user has validated their user name.

Thu Apr 25 23:42:42 2013

They had better contact those whose information was leaked.  I'm going to write to everyone I know in the Press if they don't.  I'm tired of Etsy f'ing with my business, with MY paycheck.  Every single time they screw with something my stats fall off the face of the planet and it takes me months to build them back up again...I'm sick and tired of it.  I have my info NOT readily available so an ex can't mess with me.  Etsy puts it out there and it's found I'll end up back in court getting another restraining order.  Maybe Etsy would like my Attorney's bill.....

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: cayenna This user has validated their user name.

Fri Apr 26 00:59:40 2013

Not to mention I recently had a repeat customer drive all the way to my home from NY. I am in MN; just because my so called 'private' information was not private and I did not realize it till it was too late. It's one thing to provide business info and a business name but people do not need to know my personal stuff! And it's up to me if I want them to know my full name verses my business name and what I chose as my contact info. I have it private for a reason and this is a good example why!

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: Cat This user has validated their user name.

Fri Apr 26 12:09:58 2013

''Marc says that the actual cc numbers aren't available to programmers as they are stored in a different place.''

And if you believe that, I got some great socks to sell you that will not only make you look taller but leaner also.

Marc could leave Etsy and easily become a politician. He is great at dancing around issues while pretending to care what the sellers think and answer there questions.

He's weekly posts on Question Period is a joke. His answers consist of;
- ''I don't know yet'',
- ''I can't share that with you'',  
- ''were working on it'',
- ''we don't share that information'' - ''I don't agree with you'',
- ''to bad because its a done deal so suck it up''.
- ''were still working on it'',
- ''we don't know yet, etc.
Then you have the famous automated links he repeats over and over again in his posts. In case your bored with the other so called answers.

You have to vote on which post will get answered because they can't be bothered to answer sellers questions and there is only one Marc. So the sellers have to vote which question do they want answered the most?

This was Esty's great idea and answer to costumers saying that they were sick of administrators not answering there questions. So they gave us Marc.
His avatar says it all in my opinion. Does he not look bored as hell in this picture? Like okay, whats the next stupid question while he's cursing the Etsy gods for putting him there.

I love this ''As you know we periodically run experiments''.

PERIODICALLY! Try daily and weekly Marc.

My shop has flat-lined yet again and not one sale in 7 days. This  after steady sales for weeks. This after yet again more changes and programs added.
Yet again I have to try to figure out what was done by these programmers and how to work around it.

That is all sellers on Etsy do any more these days. Instead of creating listings, doing our photography and crafting items, we are forced to constantly seek out problems and changes for our selves. Resolve the issues or our shops flat-line and our business tank.
All this thanks to Etsy's so called programmers that treat this site like there own personal arcade.
Instead of selling your wares your stuck with trying to figure out what the hell they have done now that made you loose your livelihood over night.

Apparently Etsy employees have no knowledge of whats going on in the world and don't read the papers or listen to the news neither. They are unaware that people are struggling to stay afloat in these tough economic times.

Instead of helping there sellers and providing a strong foundation for them to sell on this venue, what do they do instead. They rip the rug out from under you every so many weeks.
We put up with constant cosmetic changes and stupid head scratching changes that no logical person even begins to understand. Circles, Favorites, Test Tests, (another one they scrapped) three different changes to Activity Feed, dashboards.
You have Search Engine changes, socializing the site to be another Facebook instead of a selling venue changes.

Destroying categories is a prime example. We now have ''Browse'' pages, ''Trend'' pages. The list goes on and on.

They finally gave us a Fine Jewelry category to only tear that down because they said it did not work.
You know why it did not work? It was not a real Fine Jewelry Category, it was a mess full of handmade jewelry which had nothing to do with fine jewelry. They even put costume jewelry in to the mix. Costume jewelry! The total opposite of Fine Jewelry.  

For every stupid idea they come up with, for every untested program they launch the sellers pay for with the sales tanking. They create bugs with these programs that screw up the site.

In today's economy this is there answer to helping there sellers. That is how they help us.

Why anyone is surprised about this privacy leek, is beyond me? What do you expect from a site that has to do constant changes every few weeks and allows programmers to do what the hell they please, whenever they please.

Can't wait to see how the new listing page that were getting (that most sellers hate already and no one wanted} is going to tank my sales.

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

This user has validated their user name. by: Sandymenu

Fri Apr 26 13:27:18 2013

@ CAT: Weirdola!

Could it possibly be the same MARC on another site?

WEIRDOLA!

Do you think our credit cards have the access of being charged for in-house EATsy pizza and soda pop meetings?

On a more serious note of advice concerning our credit cards:

Cancel the one you have ''on etsy file'' with your bank or credit card company and do NOT use it since the expiration date will still be good and hold putty.

Then, get you a replacement card with a new number from your card company and just use that one (or PayPal) to pay any new fees. This way, if any attempt to use the card they have ''on seller file'' gets HAPPY, then at least you'll be the one laughing once any charging is declined and your life continues in HAPPINESS mode until its time to renew to add a card in their files.

Also, most smart merchants already know NOT to use their own real personal or business checking accounts with ANY site to avoid being taken.

Open a small checking account with a small deposit and use only THAT ONE to do your online business.

TGIF = Thank God Its Friday!

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: Patricia This user has validated their user name.

Fri Apr 26 14:55:34 2013

I barely sell a thing there...only list a few items because its twenty cents like for months! It wouldn't bother me a bit to close my shop on Etsy.  No big deal!  They get "fancy" with my CC information and that's just what I'll do.

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: vman This user has validated their user name.

Fri Apr 26 16:38:45 2013

Etsy is a piece of crap site.  They are a bunch of dope smoking plastic banana good time rock & rollers.  They want you to "kiss and make up" if something goes sideways.  That means kiss the buyer butt.  They take whole stores down for one item that's not acceptable in their opinion.  To sum up THEY SUCK.

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: cookiepuss This user has validated their user name.

Fri Apr 26 22:28:36 2013

I so agree, Cat.

Those who make sales on Etsy do so in spite of the site, not because of it.

Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: Cat This user has validated their user name.

Sat Apr 27 00:50:42 2013

You got that right, cookiepuss. Every sale I have made on Etsy is in spite of the site, not because of it.

I see tonight that Marc has changed his tune and not calling it a bug anymore. Now he is admitting that its one of his people that caused the privacy issue with the code that was implemented.

They're r-e-a-l s-o-r-ry. Again!


Perminate Link for Sellers Raise Question in Wake of Etsy Privacy Breach   Sellers Raise Question in Wake of Etsy Privacy Breach

by: Daisy909 This user has validated their user name.

Sat Apr 27 07:28:59 2013

Maybe if the accidental exposure had led to a sale or two, I wouldn't be so upset....

Click to view more comments
1 2  [Next Page]


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.