DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

“Human error” exposed sellers’ names on Etsy.com

Posted on September 25, 2010 by Dissent

Due to an “internal human coding error,” online marketplace Etsy.com exposed over 1,900 sellers’ real names on their website on September 20 instead of their shops’ names.

In a post on its website, Chad Dickerson explained:

We had an issue in Treasury earlier today where the “full name” field that we gather at seller registration replaced the shop name in pages that display individual Treasury lists. Other pages were not affected, including the index of Treasury lists. This problem was due to an internal human coding error. This “full name” data is gathered on a page that you only see when you register as a seller: http://www.etsy.com/register_seller1.php This name is only used by an internal customer service tool and is not related to credit card, billing, or any other information on the site.

According to the time line provided, the problem was detected within 15 minutes, and the site was displaying properly again 38 minutes after the problem occurred.

In a subsequent blog entry, Dickerson reported:

This issue affected at maximum about 2% of total Etsy sellers. This figure includes all sellers featured in the Treasuries that were viewed today.

The total individual Treasuries viewed while the bug was out was 1912. Of those:

* 1628 were viewed 5 or fewer times
* 1372 were viewed 2 or fewer times
* 1064 were viewed only once

Now I realize that most of the organizations that use my sites to find breaches to include in their databases will probably not include this breach because it “only” exposed sellers’ names. But I think it serves as a useful reminder that even unintended exposure of “just” a name can be very problematic for some people. The thousands of comments on Etsy.com’s forums about the incident remind us all that identifying or accidentally “outing” people can have potentially serious consequences for some.

Category: Breach IncidentsBusiness SectorExposureU.S.

Post navigation

← (Update) Lincoln golf courses, restaurant sources of credit card leaks
Pointer: UK using stolen data to nail tax cheats? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.