Monday, September 20, 2010

Etsy Security Breach - What Happened to That Privacy Policy in the Contract We All Signed?

::headdesk! headdesk! headdesk! headdesk! headdesk!:::

Some days you wonder how any one at Etsy every gets a job, let's alone keeps it! We're posting this ASAP (thanks for the heads up tipster!) because it's hidden in the bugs forum and as we all know, that's where topics go to die! Posting here will make sure they see it, since we KNOW for a fact they come all the time. (Tracking stats are a lovely thing!)

So what did they fuck up today?

Treasuries are showing items with the seller's REAL NAMES. Its past merely laughable, it's downright pathetic how bad at their jobs they are. Do they EVER spot check before they release code? If they would have loaded it once... just ONCE they could have fixed it in seconds as I know it's just a phrase in code that tells what to load there, but they couldn't even check their work???

Feel free to send your outraged words to this thread here
. (closed)

Morons. Fucking goddamn morons. Put the guitar down and do your goddamned jobs!

EDIT: took 30 min but they fixed it. But feel free to keep screaming over there, it was a fucking astounding breech of privacy they are making out to be a hiccup. PLEASE careful what you say to admin though, don't get into name calling we don't want them shutting you down for hurting their wittle snowflake fweewings.

Comment on this thread instead started by Pants. BE ANGRY! DEMAND ANSWERS! BUT DONT BE MEAN! DON'T CALL NAMES - THEY WILL AND CAN SHUT YOU DOWN OR MUTE YOU!

**Title edited by The Stubborn One at the suggestion of one of our readers. I didn't ask Cranky first, but I'm pretty sure she'd agree with the change.

70 Comments:

Eveline said...

Don't you just LOVE the reply from Admin Knickey:
"Alright all, this should be fixed. If you see any other strange behavior in the Forums please let us know immediately.

My sincere apologies for the inconvenience! We're going to discuss this internally to make sure it never happens again. "

WTH? Inconvenience?? This is way beyond an inconvenience.

Amenhotep IV said...

Knickey apologized for the "inconvenience" in one thread.

Shocking. Total dump of personal, private information without anyone's knowledge or consent. Right into the public eye. Never mind the fact that it might have been crawled by Google. And people want them to run their own payment system? Jesus H.

The Funny One said...

Admin knickey (rhmyes with....) finally addresses it on Page 10 with "never again" -- famous last words of new Admins who luvluvluv to post ad nauseum about total bullshit all day long, except weekends when Etsy would-be-sellers are working 26 hrs per day, but Admins are home, plushing up their plushies.

Notice how it looks like no one's in charge most weekdays and then NO WARM BODIES can be located at all on Sat and Sun?

This faux pas, along with sean11's changing your JoinedEtsy date to your StartStoreOnEtsy date are just 2 of latest seismic warnings that the volcano is about to blow........just in time for holiday sales!

Evacuate!

Eveline said...

OH, it's already closed. Someone said, "Inconvenience? You've never had a stalker, have you?" and Anee closed it saying "Disrespecting members of our community like this is unacceptable."

Unbelievable!

underoos said...

"370 deploys in August"!!

Well, I hope you castrate the dipshit who did this one, guys.

Or, perhaps you could start rolling out code in a supervised, adult fashion - you never know what a little good management could do for a team.

fedupwiththebullhonky said...

So, basically some moron engineer put in 'full name' instead of 'user name', and their process is too flawed to have caught this before it was pushed live to a site with tens of thousands of people looking at it every hour. Wow.

I don't really think that the people in charge of the tech team are doing a very good job... anyone? It seems the fuck ups fly fast and thick. Even worse than the Revolving Dork days.

Of course, I think most of the blame goes on the brilliant visionary CEO, one of the most creative and intelligent people EVER, for demanding "hurp derp, we're going to write new versions all of this shit we haven't upgraded in four years. I don't see why it can't be all done in three months". It must be such a PITA to work for that arrogant twit.

Evermore Organics said...

Its pretty unbelievable that ANYONE lists on Etsy anymore. I suppose Etsy banks on n00bs who have no idea and haven't done their research. People really need to get over the "Ooh I can have a shop too!" mentality and start doing it for themselves (i.e. real website, etc).

And what was wrong with the JOINED ETSY dates? Were they stopping folks from being able to charge appropriate sales tax? Oh wait...

Broom Hilda's Emporium of Fun said...

Hey, anyone want to start a betting pool for the depth of the fuck ups they'll be making this fall?

They've really been on a roll lately - the feedback improvements were really impressive - but just wait! They've surely been working on a whole bunch of poorly designed and retardedly thought out new stuff behind the scenes, which they're going to incompetently release just in time to fuck up everyone's sales for the Holidays!

thisshtisbananas said...

twat was that?, he he

not very impressed said...

But.. but SOMEONE had to patch the knit cozy on the ventilation duct, I was busy. You don't understand how important it is for us etsy employees to feel really comfy here. It's the only way we can do such shitty jobs and continue to attract more incompetent morons such as ourselves.

thisismyrealname said...

Three free fucking lunches a week, says Fred Wilson and now they are dicking around with our personal information.

Mistakes happen, but it is clear from closed thread after closed thread that etsy really doesn't care. At all.

They'll put some moron out to talk to the press and then have desert in one of the plushie phone booths.

Go public? Are you fucking nuts?

Sara said...

speechless

GrapeLeaf said...

I'm watching from a safe distance. *puts on safety goggles*

WhatNext said...

Yep, I've already signed up for ArtFire's $5.95 deal and opened up a free shop there.

OMG, my items were instantly uploaded to Google yet I'm still waiting for syndication (whatever the fuck that is) to come my way at Etsy. I'm really angry about this but back to the matter at hand.

I'm really ticked off about this privacy intrusion and I'm feeling very nervous about the upcoming holiday sales season there.

I urge everyone to open shops now on other venues. I'm really hoping that ArtFire works for me because I really want out of Etsy for good.

headdeskwasmyname said...

Of all the things I have complained about in etsy, from resellers to the treasury, this is the worst.

It appears almost anyone on staff has access to our personal data and that it is not secure.

I knew they read our convos, shut people down on a whim, but to put our personal data in cyberspace with just a 3 paragraph, oops, is unbelievable.

Are you tweeting this?

Eveline said...

Did anyone else get this email?
"UBJECT: Apology from Etsy

Hello:

My name is Sarah Feingold and I work here at Etsy. I read your forum post about today’s issue where the “full name” was displayed in the Treasury. I wanted to offer my sincerest personal apology.

Personally, in the past, I had identity issues…so I know how painful it can be. Although Etsy cannot turn back time we can learn and we can move forward.

It is a privilege to have you on our site and we are taking steps to ensure that things like this do not happen again. We are examining the situation and for information (if you haven’t already seen it) you may want to check out the post by Chad (Etsy’s CTO) http://www.etsy.com/forums_thread.php?thread_id=6632595

If you have any questions, please feel free to reach out to me anytime. You can also send an email to Bernadette Sweeney who manages the customer support team. Her email address is Bernadette@etsy.com.

If you want to talk to someone at Etsy about this please send me your phone number, a good time to call you, and please note your time zone.

Again, thank you so much for being a member of Etsy. We are no where near perfect and we are trying to improve every day.

Best,

Sarah"

It just made me laugh so so much!

Tyler Durden said...

The fiasco lured Rokali out to comment on it.

And I love the people in the forums who are condemning others for being concerned about how their data is shared.

Did the COO come out to talk about it yet? Rokali said he was going to.

I'd just like to share this again, in all of its glory. From the Etsy Privacy Policy:

Information Collection and How it is Used

General Information:

* Etsy will not sell or disclose your name or email address to third parties without your explicit consent, except as specified in this privacy policy.

Make Way for Deliciousness said...

Why on earth didn't they take the treasuries down while they were fixing this issue?!

I also like the people in the forums saying that it's not a big deal to them that their real name was showing. "I'm fine with posting my real name everywhere online and you should be okay with it too!"

I can see it Now said...

They have thirty engineers now who are all dreaming of coming up with the perfect algorythym, or code, or idea and being heroically worshipped forever afterwards.

The shit is just starting now!
It's going to get much worse.

subeeds said...

Not only am I glad I no longer sell there, I am having serious thoughts about even buying there anymore. One of the posts I made in a thread about this had a statement to admin saying that they have a serious seller morale problem there, in case they haven't noticed. It doesn't matter, though-they will get more new cupcakes to drink the kool-aid and keep renewing and believing the admin BS. I understand that people make mistakes, but to allow this to go on for as long as it did is intolerable.

Night Sky said...

This is so beyond belief I don't even know what to say. Etsy is a mess. I'm starting to wonder why anyone sticks around.

BTW, this is great time to hop on over to ArtFire, for those who haven't. Pro shop group deal for $5.95/month beats the hell out of giving Etsy another penny.

HelenThomas said...

Good lord, I've just about finally lost it with them.

How come other companies never do shit like this? Stupid, over and over and over again?

Dallas said...

So who's taking this mess to the media (Consumerist? Gawker? etc) The FTC or Consumer Protection Agency for privacy violations? Just curious if there's anything in the works to drag this mess out of the Etsy Forums into the public spotlight.

tipstersocks said...

They actually sent out an apology convo to sellers, admitting they made a huge mistake, acknowledging that trust was lost, and claiming that if we provide our phone numbers, they will call us back to talk about the issue. Who knows if that's true, but that's...well, a big step for them.

Still, WTF, programmers!!!!!

AbsintheDragonfly said...

Tis all shut down now...cause someone called knickey a twat..

sark said...

I'm glad I missed this. I mean, I guess, technically, I am one of those jerk motherfuckers whose account name contains parts or all of my real name, so, perhaps I am a little less agog about the situation.

However, maturity comes with age, and while this may not bother me personally, because, well, I am ME — I understand that others don't feel the same way I do about being that forthright.

That being said: I have no respect for etsy admin, including this latest forum admin jackass: knickey.

Now, if etsy is going to be transparent, how about telling us who, besides MaryMary is curating the front page, so we can voice our concerns directly to the actual employees who are causing the problems and entirely skip the cupcake bullshit?

Because, my god, every time I open one of those threads and I see 400 smothering posts by Polestar — I literally want to smack someone. And then to see her crappy product plastered all over the front page — that is just insulting, and well, it makes me think the employees are retarded cunts who don't understand that the behaviour is actually exceptionally transparent.

Etsy staff are careless, this is just another example.

If they actually hired professionals & used standard code, then likely, someone or something wouldn't have hacked them.

I'm almost agog that everyone got a half-ass apology from some generic idiot admin. You know how much etsy hates to apologize for their constant fuck ups.

UgaBugaBowls said...

"if we provide our phone numbers, they will call us back to talk about the issue"

They'll call??? Quick! Everyone provide their phone number so when they call back, we can capture their phone number on our caller ID! Then everyone will have a phone number to call in the future for customer service!!! Whoo hooo!!!!

qb said...

http://www.etsy.com/forums_thread.php?thread_id=6632492&page=18

I'm curious as to why their testing for live is *only* a 10 minute process. No changes for a website of this size should go live without *at least* a 24 hr. internal test period that also involves employees poking at it/actively using it. I'd feel safer if they waited a week or more.

Molly Phoenix said...

I thought it was okay to say twat in the forums. I didn't mean to get the thread closed. :)

pease said...

OH, it's already closed. Someone said, "Inconvenience? You've never had a stalker, have you?" and Anee closed it saying "Disrespecting members of our community like this is unacceptable."
________

Eveline, just to clarify, I said that and anee did later tell me she did not mean me in her closing comment.

But aye carumba, what a mess.

Jeeeee said...

That twat comment made me laugh so hard! And now that poor seller will probably be muted at the very least.

Captain said...

I've been thinking about sending it to Gawker but I wouldn't even know where to begin. This is seriously messed up. The worst part is that sure you could "delete" your shop on Etsy and take your business elsewhere, but what if they still have your personal information and it gets leaked AGAIN?

I'm sure Etsy's actions (or lack thereof) in the next couple of days will be even more fucked up. I bet their new announcement will read something like this: "Derp derp, no big deal, what security breach? Oh, here's a half-assed new checkout for you to play with! Oh and we didn't bother testing it and we're releasing it at the end of the week so any problems you may have, well you're just shit out of luck. LOL KEEP RENEWING!"

The Stubborn One said...

Astonished.

Etsy just CAN'T STOP THE FUCK UPS! It's habitual now. Left, right, and center. Fuck up, fuck up, fuck up. NOT hiccup. FUCK UP. Well I'm glad as hell I came to my senses months ago.

This, E's latest picture posted on FaceBook, was just sent to us and I can't stop laughing. Seriously. My stomach hurts so bad right now!:

http://www.facebook.com/photo.php?pid=4881402&fbid=437477509726&id=49685584726&ref=nf

The Stubborn One said...

Ok, obviously that FB link was too long. Here you go:

http://bit.ly/du059l

Old&Creaky said...

So... after they just sent my real name to the world, they seriously asked for a phone number?

Is this like where a con man tries to pull in in further after you start suspecting you've been taken? Why on earth would I give them my phone number now?

lol @UgaBugaBowls about the customer service line

Stacey said...

The timing for this little hiccup couldn't have come at a worse time for Etsy... what with the holidays coming up and ArtFire's killer $5.95 deal (signed up today:}).

Everyone I've mentioned this to either online or in person (ie. my friends and family who know what Etsy is) has had the same horrified reactions that the vast majority of forum posters did. That doesn't bode well for them.

I want answers as to why this happened, not excuses, not 'we're working on it so it never happens again' bull, not ignorance of the issue. I may be closing out my shop, but the remaining sellers don't deserve to be treated like they're invisible and inconsequential.

Over the last couple of months, I've said that I was going to close my shop and then didn't... I kept giving Etsy the benefit of the doubt. No more. I can't. So come Oct 1, my shops at Cargoh and ArtFire, and hopefully my own website, will be where I focus my energies. Not that cesspool of incompetence.

tired etsian said...

On a less serious note, I guess this shows how useless a selling tool(other then the elusive front page selection) the treasury system is.
******************
chaddickerson
Etsy Admin
says:
I wanted to give everyone more details about the extent of the issue we had earlier today. This issue affected at maximum about 2% of total Etsy sellers. This figure includes all sellers featured in the Treasuries that were viewed today.

The total individual Treasuries viewed while the bug was out was 1912. Of those:

* 1628 were viewed 5 or fewer times
* 1372 were viewed 2 or fewer times
* 1064 were viewed only once
**************
Less then 2% of treasuries were supposedly accessed in that 40 minutes, and around 80% of those were only looked at 5 times or less. If those stats include hits from bots crawling the treasury then pretty much no one visits the treasuries except those making them and being featured in them.


On a more serious note. They need to be sending out an apology to everyone. Which is worse, owning up to the mistake, letting everyone know what happened and what you are doing to ensure it happens again. Or do the bare minimum and encourage paranoia and rumors. At best you look uncaring in scenario two, at worst it looks like you have no plan of action in regards to privacy.

Virginia said...

Holy cow. Maybe I want to go further than just putting my shops in Permanent vacation dormancy over there. I feel sort of like BlueBeard's girlfriend might have if she had broken off the engagement and then found out who her REALLY was a week later.

The entire forums section is nothing but desperate cries for help, angry demands for things to be fixed and spam posts. What a bloody mess. (again with the BlueBeard metaphors. We should give all new, potential sellers a peek into that hipster chamber of horrors that awaits them BEFORE they spend their rent money on re-listing fees.)

anactualgrownup said...

What concerns me the most about this issue is how no one ever seems to be in charge.

Shit happens, then there is damage control. Etsy doesn't understand they have to come clean. What happened? Why? Can it happen again?

Spinning it, cute facebook quotes and I'm sorry just aren't enough.

I'm interested to see what happens when the on line media gets a hold of this. Maybe the investors should stop gawking at the knitted pipe cover and take a serious look at the infrastructure.

Hey Etsy:
If you want people to make a living at their craft treat them with digity and respect. Tell ALL your members what happened. Then let them decide whether they believe you or not.

Your CEO has a 6 year old avatar taken in a bathroom mirror. Didn't you hire a grownup to be the face of the company?

Oh, and yes, I am talking directly to etsy. Since Rob gave his interview here, the staff reads you every day.

grannygirl said...

After reading this I meandered over to etsy, (I've just been waiting for the items in my shops to expire), and of my 3 shops, 2 were totally empty, and on had 2 items still active, so I de-activated them. Now just to contact a few customers who may wish to know where I'm at and I'm officially ex-etsy! Yay!

Anne said...

I wish I understood a little bit better about how their software engineering department (or excuse me, their software crafting circle) is set up. Maybe that stupid recruiting video is non-fiction. They seem to be completely lacking in anything that resembles the normal design/develop/test process. I'd call it the "project life cycle," but that's soooo last-century. I've seen two cardinal sins in one month--sins that in a normal company would get everybody canned:
1) They developed and rolled out an application involving money and taxes without consulting anybody who had expertise in developing money and taxes applications.
2) They are apparently doing preliminary testing on their production system--a complete no-no, and one that can (and has in some companies) result in really bad shit like identity theft.

Project managers and programmers have traditionally been very wary of each other. The managers view the programmers as needing to be ruled with an iron fist. The programmers regard the managers as exploiters and tyrants. The truth is somewhere in between, and it takes both types of person to develop successful applications. I'm beginning to think they don't have any project management in place at Etsy, and real suffering will ensue among the people who have to use these programs.

just curious said...

can someone tell me about the artfire deal? I couldn't find any info on how to get the $5.95 dealio.

Libby at Picklevalentine said...

As someone who once had an internet stalker, I have no sympathy for Etsy's cavalier attitude. Anyway, I'm out of there. Best thing I did after March 12 was to close down my shop and move to AF. It took 5 months of denial and hoping things would get better. Even now, about twice a week I get a twinge and think maybe I should go back, but then more things like this happen. It's so obvious that the entire staff does not give a crap about sellers, other than their chosen few.

The idea of doing their check out scared the crap out of me. I can just imagine my name and banking info and credit card number all over the internet. Somewhere a hacker is reading about the encyclopedia of Etsy incompetence and just waiting to make a profit.

Ex Cupcake said...

Just Curious, you can go to ArtFire's site and look at the very top of the page for the link explaining the deal.

AbsintheDragonfly said...

I'm appalled, and so very sorry for those people who've had to protect themselves, now have their identities thrust out into the internet, for their stalkers to find.

I just don't know what to say about this level of incompetence. My husband codes for a living, and knowing what I know from living with him and learning coding vicariously through him, it should have taken about 30 sec. after learinng about this, to take down the treasuries, IF they had coded it properly to BEGIN with.

Now if the coder's don't know WTF they're doing...that's another matter completely.

More's the pity for those affected. And as far as testing goes? NEVER NEVER let things out of the box, until you're SURE it's working PROPERLY!!!!

He used to work for large banks, with millions of dollars on the line, so these things he takes seriously. Too bad Etsy doesn't do the same...

citizen jane said...

maybe you should change the title of this blog post to reflect Etsy security breach or something else attractive to Google's SEO bots. YOu wouldn't want to click on an article about "Headdesk" but you definitely would if you had a big accurate title about the shenanigans Etsy's pulling. Just sayin'

just curious said...

Thank you, Ex Cupcake.

My hubby does code as well and runs servers for websites too. He would have never launched a new code without testing it on a backup non-live site. If this had been done properly, none of this would have happened.

HoLeeCrap said...

Ho. Lee. Crap. Words almost fail me. I've been on a listing frenzy the past couple of days...dumb I know. I've been at Etsy 4 years, I should know better. I can't freaking believe this.

I haven't been in the Etsy forums in a while. I actually found out about this on the Artfire forums. My information was exposed since I'm in treasuries, WTH didn't Etsy send me an email?

I shudder to think of an Etsy-run payment system. Ho. lee. crap. I'd better catch up with wth is happening with that! If they do it, I'm gone!

I hope Artfire reaches their 20,000 so my $5.95 account will activate.

Matilda Knickerbocker said...

I agree 100%, based on my experience coding, it's totally unbelievable that someone would have not tested the changes in QA for long enough to see that the names were showing? Little wonder the site has been so unreliable lately. It seems for Etsy, twice as many developers = twice as many people to screw things up.

I don't see how it could take more than 5 minutes to update after learning about the problem. Where was QA before the initial release?

Seems to me, two people need to be fired here - the moron who didn't notice this change when he programmed it, and the QA failure who approved the change. Oh, and perhaps whomever is absolutely failing at making TDD work for you by writing realistic tests should be sentenced to giving Rob Kalin nude hot oil massages for two weeks, or vice versa.

Then, the Treasury. I've looked at several lists and noticed that the only people commenting are those who are featured in the list.

I really hope Etsy re-does the Treasury - this new system is not working. Too many lists, too little ways to browse through them effectively - exactly like shopping on Etsy.

Anonymous said...

I thought this treasury, created in honor of the Etsy breach was perfect:

http://www.etsy.com/treasury/4c98033caf9a8eef4aaf1335/sellers-reactions-to-todays-etsy-sht?index=8

etsygoesdark said...

Have you noticed, etsy has gone silent.

Not one word from management. Not, this is how we are going to fix this, it won't happen again. Not one woed.

The forum is hopping, the hipsters are building a brick wall. Or...maybe it's nap time.

SusanA said...

tipster said...They actually sent out an apology convo to sellers, admitting they made a huge mistake, acknowledging that trust was lost, and claiming that if we provide our phone numbers, they will call us back to talk about the issue. Who knows if that's true, but that's...well, a big step for them.

And who would give them more personal info to screw around with???

BTW just curious - if you don't have an artfire shop you won't see the promo. But it shows up when you do.Sign up for a free shop to check it out.

RRobin said...

Instead of trying to prove how contrite they are by asking for OUR telephone numbers (what, so they can publicize those in a Treasury too?), they should GIVE OUT THEIRS.

Hey Etsy! Set up a toll-free hotline so that sellers who want to call you can do so. Do that, and maybe I'll take your mea culpa seriously.

FYI said...

I'm writing to let you know of a glitch on Etsy yesterday. This glitch
caused your real name to be shown in place of your shop name inside
Etsy's Treasury (http://www.etsy.com/treasury/), and lasted for 35 minutes.
We have determined that 2% of Etsy's sellers were affected, and you were in
that 2%.

We are deeply sorry about this, and we have been working non-stop
since the event to make sure this won't happen again.

* How many people saw this happen?
Of the 1.3 million unique visitors to Etsy yesterday, about 1,200 of them
viewed the Treasury during the 35 minutes before the glitch was fixed.
Speaking in percentages, this means that 0.09% of the people who came
to Etsy yesterday saw this happen.

* Was any other personal information shared?
No other personal information was exposed. This issue was contained
within the Treasury and did not appear elsewhere on Etsy (including
the front page).

* Where did Etsy find my real name?
The full name displayed was the one you put on file when you first
opened up your shop. This name is otherwise not displayed anywhere
else on the site.

* How did this happen?
The glitch was caused by an internal programming mistake, not a security breach.

* What are we doing to make sure this won't happen again?
We've begun what will be an ongoing process. So far, we have:
- Added further safeguards in our code
- Reviewed and improved our response and escalation policy
- Enhanced our coding, reviewing, and releasing processes
- Invested further in our security and privacy team

Again, we want to offer you our deepest apologies for this incident.
We take our responsibilities seriously and thank you so much for being
a part of Etsy.

There's also an announcement in the forums
http://www.etsy.com/forums_thread.php?thread_id=6632595 that contains
the most up to date information.

We welcome any feedback and questions. Just reply to this email.

Very truly yours,

Chad Dickerson
CTO, Etsy

eclipse said...

Please someone tell me, where was the name being pulled from?
credit card on file or from shipping address?
Which do I need to delete?
or both?

eclipse said...

* 1628 were viewed 5 or fewer times
* 1372 were viewed 2 or fewer times
* 1064 were viewed only once
--------------
CHad you ignorant fool, you have missed the point entirely.

The point is that anyone who knew of this glitch could make a treasury consisting entirely of sellers they don't like, just to collect their real names.
A loophole that is well known can be exploited ON PURPOSE.
DUH

dunnowhyIamsurprised said...

aaaaaand....
did anyone notice that received the 'oops' email that it was addressed to "Hi There"?

Apparently etsy can release names to the world, but can't figure out how to include the seller's name field in an email message? Really?

Libby at Picklevalentine said...

Chad obviously never has had an internet stalker. He's a callow idiot.

*Layla* said...

If you're still having doubts about moving to Artfire, then check out this thread from the Artfire forums where they tell what security systems they have in place. Even the founders can't access certain information without approval!

http://tinyurl.com/artfire-security

Zombie Dog said...

probably any 2 bit tech tadpole can get the details on any member.

Not the billing address/credit card. or ...? they just removed names that were coming from billing info from the API I read. it had to be authorized but still, how was it there?

my guess is that they can just sit there and query all day and get your names, addresses, browsing history, log in times, IP address, whatevah. hey, maybe next week your home address will be there instead of your shop announcement. it's cool, only 3.14159265% of shops were accessed during that period, they'll say.

HadEnough said...

Etsy rules are to be broken when Etsy says it is OK.

Yesterday a new seller posted the email they received about the security breach. Myself and another seller politely told her that it is against Etsy TOU's to post private communication from convo's or emails received from Etsy.

Well...

Along comes HeyMichelle and tells the seller, "Thank you for posting the email, we were going to do that ourselves under announcements". Ummmmmm... Any other time the thread would have been closed because it broke Etsy TOU's.

Thank you HeyMichelle for making me and the other seller who know the TOU's look totally stupid.

As for my apology convo I received from Etsy about this Security SNAFU, I got a Hi there, with an explanation of what happened. There was no I am sorry, we apologize. Admin did not ask for my phone number so that we could talk (HA!). Mine came from Admin bernsweeney.

My sales are pathetic and this last snafu is the end of the line for me.

Fed Up said...

Actually, it's probably just one free year Veronica got. AF will do that for Etsy sellers that have been shut down. For life, though? Not likely.

Amenhotep IV said...

The screw up has been immortalized on the AuctionBytes 'zine.

http://www.auctionbytes.com/cab/abn/y10/m09/i21/s02

Not Funny said...

WTF how can anyone find this funny? Saying if you feel that threatened go legally change your name. I'm in shock someone would actually post that. what compassion eh?

hater aid alert said...

Some people just don't get it and never will. Did you see the comments from someone on AF over this issue. She thought it was funny someone thought they could be stalked over their name showing instead of their id. Her advice go get you name legally changed if your worried. hears the link to read it all yourself. (she starts on page 14 & 15)
http://www.artfire.com/modules.php?name=forums&page_no=14&op=view_topic&tid=12851

Professional Pot-Stirrer said...

Wow. I analyze computer system failures for a living and this is the kind of thing that would have upper management at our Fortune 500 financial company screaming, "FIX THIS! FIX THIS! YESTERDAY!!!!" Heads would roll.

Something is very deeply wrong with the way Etsy develops, tests and rolls out code. I suspect, based on other screwups noted here, that this is a problem with Etsy's corporate culture at bottom. We're talking about not having some basic controls in place, as well as a standard software lifecycle procedure (as mentioned by other posters). And if you don't have a test environment that you can run code in before you push it into production, you're insane.

The whole thing is mind-boggling and makes me question whether or not I should do much of anything over at Etsy. At least in my line of business, if we f*ck up in a really public way like this, we have the Fed and the Comptroller of the Currency all over our *sses.

MissKbee said...

I was in quite a few treasuries at the time of the "glitch" and received the "once again we fucked up" email.

I packed up. Moving to AF. I'm done. 4 years I've hoped and hoped, left, come back. Left again. And it's hard to say good bye.


Since you read this: GET IT TOGETHER!

Going Public! LOL! Talk about a high risk investment.

Picklevalentinevintagebeads said...

hater alert, only one person said something about funny. But if you go on reading, she says in a later post that she felt sorry for those who were exposed, so are you sure that she meant funny ha-ha or funny as in odd? It really helps to read the whole thread and not just cherry pick one word.

Irys said...

I thought this was kinda funny, since here in Germany everyone running a shop (yes, on the Internet) MUST put up their real full name, address and phone number in a shop section called "imprint". So there's no hiding behind usernames. I know that this is a serious security breach for you in the US, but to us it's just "yeah, so what, this was public anyway". Funny how dealing with different laws totally changes your perception.

NeverAgain said...

And after all this, Etsy is absolutely refusing to answer the questions in this thread about how users are unable to update/edit the very information that was exposed....the full name.

http://www.etsy.com/forums_thread.php?thread_id=6633892&page=1

The Privacy Policy states that you can edit this information in "My Etsy", but it is no where to be found...only CC and mailing info. Not the same thing.

Another shining example of Customer Service.