A TikToker urged fellow Etsy sellers and buyers to delete their accounts, after sharing a security horror story in a viral video.
Etsy seller Marisa, who posts under the handle marisadabirdie, took to TikTok to inform others that the site’s weak security allowed a known hacker to take control of her account.
In a viral video that’s garnered 350,000 views, Marisa says: “If you’re seeing this please delete your Etsy account, whether you’re a buyer or a seller their security is awful.
“You are currently at risk of being impersonated, having your account hacked, and not being able to recover it.”
She shares that she had a small Etsy business selling t-shirts, but one day, someone hacked her account using her old email address, which allowed the hacker to switch the bank account associated with the Etsy store to their own.
After contacting Etsy, Marisa was able to get into her account, and she changed her password to a “very strong” one. She even enabled two-factor authentication, so that any new log-ins would have to ping a secondary device that only Marisa would have access to.
However, the hacker was somehow quickly able to regain access to her account.
Subscribe to our newsletter for the latest updates on Esports, Gaming and more.
“This has been happening for five days now,” Marisa states. She claims that when contacting Etsy, the company will respond after 24 hours, and eventually, give the account back to the hacker for unknown reasons.
Etsy’s response to seller getting her account hacked
The TikToker says she received an automatic notification from Etsy that the email address for her account has been changed. In the email, there’s a blurb informing her that if she didn’t approve this change, she should go to a particular link. But according to Marisa, the URL is just “plain text.”
Furthermore, she says that Etsy will not let her delete the account until 180 days have elapsed, as that is the return period for purchases from her store.
The hacker was able to access the account again using an email address that had Marisa’s “full legal name,” which they got via her Etsy account.
“But worse than this hacker is Etsy,” she concludes. “I don’t know if they have a friend inside, but Etsy continues to give my account back to a known hacker, putting me at risk, my identity, my customers. So if you have an Etsy account, delete it, because they’re very susceptible to security breaches.”
In a follow-up video, she noted that two-factor authentication is poor, as Etsy was able to bypass their program to let her back into her account. The frustrated TikToker also believes that there’s “someone from Etsy’s team who is helping this hacker.”