A TikToker and former Etsy seller has gone viral after alleging that the site’s weak security allowed a hacker to take control of her account.
In a video with over 298,000 views, user Marisa (@marisadabirdie) says that a hacker accessed her old email address, which allowed them to get into her Etsy account. From there, he changed the email address associated with the account and attempted to withdraw money from it.
Etsy, she says, has allowed this to happen through inadequate customer support and email notifications that do not allow users to take retaliatory action.
@marisadabirdie currently dealing with identity theft and @etsy being compliant with it. delete your account so this doesn’t happen to you. #etsy #WeStickTogether #MickeyFriendsStayTrue #CVSPaperlessChallenge #smallbusiness #smallbusinessowner #scammers #scam #identityfraud #lifehack #lifehacks #fyp #fypシ ♬ original sound – marisa moureau
In her first video, Marisa says that she had a small Etsy business selling t-shirts.
One day, her account was hacked using an old email address, which allowed the hacker to switch the bank account associated with the Etsy store to their own.
Marisa was able to contact Etsy and get back into her account. This was only a short-term solution, however, as the hacker was quickly able to regain access to the account, she says.
“This has been happening for five days now,” she says. Marisa claims that she will contact Etsy, the company will respond after 24 hours, and eventually, they will give the account back to the hacker for reasons unknown.
Furthermore, she claims that she receives an email notification every time the hacker attempts to change the email address associated with the account. This email supposedly has a link to stop the email address change if it is fraudulent. However, there is an issue with this link.
“‘If you did not approve this request, click here,’” she recounts from the email. “But the fun fact is, the ‘here’ is plain text. It’s not a link. There’s literally no link for me to click.”
Additionally, she says that Etsy will not let her delete the account until 180 days have elapsed, as that is the return window for purchases from her store.
The hacker was able to access the account again using an email address that had Marisa’s “full legal name, which they got via my Etsy account.”
“But worse than this hacker is Etsy,” she concludes. “I don’t know if they have a friend inside, but Etsy continues to give my account back to a known hacker, putting me at risk, my identity, my customers. So if you have an Etsy account, delete it, because they’re very susceptible to security breaches.
In a follow-up, she noted that two-factor authentication is insufficient, as Etsy was able to circumvent their program to let her back into her account.
@marisadabirdie Replying to @tapiococo i also couldn’t believe it so i totally get where the “ur just bad at internet” comments are coming from. but uh. to quote Naruto Uzumaki, believe it. @etsy #etsy #WeStickTogether #MickeyFriendsStayTrue #identityfraud #scam #smallbusiness #smallbusinesscheck #smallbizowner #smallbusinessowner #smallbusinesstiktok #smallbusinesstips_ ♬ original sound – marisa moureau
In comments, users shared their thoughts on Marisa’s predicament.
“I literally paused this TikTok, closed my Etsy and came back,” a user claimed.
“My account got hacked a while ago, they changed the email. Im not a seller though and thankfully never saved any card information on it,” another claimed. “Spooked me.”
“On my way to delete my account… I’m so sorry you’re going through this, thank you for sharing this info,” a third concluded.
The Daily Dot reached out to Etsy via email.
Update August 27, 10:21am CT: In an email to Daily Dot, Marisa says that there is no update on her situation.
“Honestly, not much changed,” she wrote. “Most recently, they reinstated my account, again and again refuse to delete it or notify my customers of the breech. There had been one support rep who had said they’d expedite the deletion from 180 days to 2 days but of course in those two days my account has been given back to the hacker and the rep disappeared off the face of the earth, as they do.”
However, Marisa added that she is seeking legal action.
“I’ve wiped all my info from my Etsy account while I wait 180 days or for legal action,” she continued. “Etsy has emailed me begging me to put my bank details back, ironically. My attorney has sent a letter to Etsy which today was returned to sender. So I guess they prevent legal action that way? Ha.”
Overall, she says the situation just feels wrong. “It all feels so gross and scammy. And as you can see from the comments on my video, I’m far from the only one,” she concludes.
Today’s top stories
‘Fill her up’: Bartender gives woman a glass of water when the man she’s with orders tequila shot |
‘I don’t think my store has even sold one’: Whataburger employees take picture with first customer who bought a burger box |
‘It was a template used by anyone in the company’: Travel agent’s ‘condescending’ out-of-office email reply sparks debate |
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online. |