A TikToker and former Etsy seller has gone viral after alleging that the site’s weak security allowed a hacker to take control of her account.
In a video with over 298,000 views, user Marisa (@marisadabirdie) says that a hacker accessed her old email address, which allowed them to get into her Etsy account. From there, he changed the email address associated with the account and attempted to withdraw money from it.
Etsy, she says, has allowed this to happen through inadequate customer support and email notifications that do not allow users to take retaliatory action.
@marisadabirdie currently dealing with identity theft and @etsy being compliant with it. delete your account so this doesn’t happen to you. #etsy #WeStickTogether #MickeyFriendsStayTrue #CVSPaperlessChallenge #smallbusiness #smallbusinessowner #scammers #scam #identityfraud #lifehack #lifehacks #fyp #fypシ ♬ original sound – marisa moureau
In her first video, Marisa says that she had a small Etsy business selling t-shirts.
One day, her account was hacked using an old email address, which allowed the hacker to switch the bank account associated with the Etsy store to their own.
Marisa was able to contact Etsy and get back into her account. This was only a short-term solution, however, as the hacker was quickly able to regain access to the account, she says.
“This has been happening for five days now,” she says. Marisa claims that she will contact Etsy, the company will respond after 24 hours, and eventually, they will give the account back to the hacker for reasons unknown.
Furthermore, she claims that she receives an email notification every time the hacker attempts to change the email address associated with the account. This email supposedly has a link to stop the email address change if it is fraudulent. However, there is an issue with this link.
“‘If you did not approve this request, click here,’” she recounts from the email. “But the fun fact is, the ‘here’ is plain text. It’s not a link. There’s literally no link for me to click.”
Additionally, she says that Etsy will not let her delete the account until 180 days have elapsed, as that is the return window for purchases from her store.
The hacker was able to access the account again using an email address that had Marisa’s “full legal name, which they got via my Etsy account.”
“But worse than this hacker is Etsy,” she concludes. “I don’t know if they have a friend inside, but Etsy continues to give my account back to a known hacker, putting me at risk, my identity, my customers. So if you have an Etsy account, delete it, because they’re very susceptible to security breaches.
In a follow-up, she noted that two-factor authentication is insufficient, as Etsy was able to circumvent their program to let her back into her account.
@marisadabirdie Replying to @tapiococo i also couldn’t believe it so i totally get where the “ur just bad at internet” comments are coming from. but uh. to quote Naruto Uzumaki, believe it. @etsy #etsy #WeStickTogether #MickeyFriendsStayTrue #identityfraud #scam #smallbusiness #smallbusinesscheck #smallbizowner #smallbusinessowner #smallbusinesstiktok #smallbusinesstips_ ♬ original sound – marisa moureau
In comments, users shared their thoughts on Marisa’s predicament.
“I literally paused this TikTok, closed my Etsy and came back,” a user claimed.
“My account got hacked a while ago, they changed the email. Im not a seller though and thankfully never saved any card information on it,” another claimed. “Spooked me.”
“On my way to delete my account… I’m so sorry you’re going through this, thank you for sharing this info,” a third concluded.
The Daily Dot reached out to both Marisa and Etsy via email.
Today’s top stories
*First Published: Aug 26, 2022, 10:25 am CDT
Braden Bjella is a culture writer. His work can be found in Mixmag, Electronic Beats, Schön! magazine, and more.