DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

“Human error” exposed sellers’ names on Etsy.com

Posted on September 25, 2010 by Dissent

Due to an “internal human coding error,” online marketplace Etsy.com exposed over 1,900 sellers’ real names on their website on September 20 instead of their shops’ names.

In a post on its website, Chad Dickerson explained:

We had an issue in Treasury earlier today where the “full name” field that we gather at seller registration replaced the shop name in pages that display individual Treasury lists. Other pages were not affected, including the index of Treasury lists. This problem was due to an internal human coding error. This “full name” data is gathered on a page that you only see when you register as a seller: http://www.etsy.com/register_seller1.php This name is only used by an internal customer service tool and is not related to credit card, billing, or any other information on the site.

According to the time line provided, the problem was detected within 15 minutes, and the site was displaying properly again 38 minutes after the problem occurred.

In a subsequent blog entry, Dickerson reported:

This issue affected at maximum about 2% of total Etsy sellers. This figure includes all sellers featured in the Treasuries that were viewed today.

The total individual Treasuries viewed while the bug was out was 1912. Of those:

* 1628 were viewed 5 or fewer times
* 1372 were viewed 2 or fewer times
* 1064 were viewed only once

Now I realize that most of the organizations that use my sites to find breaches to include in their databases will probably not include this breach because it “only” exposed sellers’ names. But I think it serves as a useful reminder that even unintended exposure of “just” a name can be very problematic for some people. The thousands of comments on Etsy.com’s forums about the incident remind us all that identifying or accidentally “outing” people can have potentially serious consequences for some.

Category: Breach IncidentsBusiness SectorExposureU.S.

Post navigation

← (Update) Lincoln golf courses, restaurant sources of credit card leaks
Pointer: UK using stolen data to nail tax cheats? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.