Sign in to participate in this discussion.

Heads Up! ComPromised account : customer is accessing my account

sent a client a link to my SOLD page and found out that if we do this, it also allows that person to see not only all sold items, prices and customer addresses, but to get into the rest of the account as well - including convos and billing. And yes - this client did get into my private information and is contacting my customers. She is an Etsy user but not a shop owner

I changed the password but ran a test: Sent another one of my email addresses the link from my sold page (while signed in) and yup - I can access all details of past sales, and get into the convos and billing details.

What to do about this? Do I have to cancel my Etsy account and start a new shop?

10 Responses

Frankly, I didn't really believe you, Helena.
So I tried it.

While signed in I sent a "sold" item link to another personal email address. Received and clicked on the link (on same computer, still signed in) as though I were someone else. I can see and access all my account info/bill/etc. Maybe if I was signed out when it was clicked it wouldn't happen, but this looks like a PROBLEM!

Going to sign out and see what happens...
I was so shook up upon realizing what happened that I misspelled "Compromised" ! Had to smile at myself.... Im sure there must be away to fix this other than opening a new shop.
Hi Helena,

First off, I am not seeing any unusual activity in your shop. It looks like just you. That link will not allow others to access your data without signing in to your account. You, of course, can access through that link because you are signed in. Others will be linked to *their own* sold order page. Did you provide that member with your password?

Could you convo me the name of your customer? How do you know this person is contacting your customers? I will most certainly investigate this. Thank you!
I just did a second test: stayed signed in to Etsy on my own computer; fired up the laptop and checked email for the address I sent the link to. My sale details/shop access was NOT visible when I clicked that link. However, as soon as I also signed in to Etsy on that laptop computer, the link again showed all the user-private info. I'm assuming that being signed in on a computer tells the link, even through an email, that I am the Etsy user?

The way this would be potentially a problem would be on a shared computer or perhaps through a work network or similar? How your client did it is unclear to me.
I dont know either. We were talking about the designs, then she just started reading off my customer's names ( some are cross over clients, others repeat buyers) and what they'd paid, laughing and commenting about the necklaces.

She's not a computer whiz - this would have happened by accident.
Oh No!!!!

Please don't tell me this.

off to check my convos!
She had to have obtained your password in some way. I just tried this with my mother. I've never been signed in on her computer and I sent her a transaction link. She got the Uh-oh wench and a message that said:

You are trying to view a receipt that does not belong to you.
Go back to Etsy.com

I also tried it on my computer. I copied a transaction link in Firefox, opened Google chrome and pasted it in. I got prompted to open an account with Etsy. (My mother probably had her browser set to auto sign in to her Etsy account because she saw the uh-oh wench and I didn't.)

Have you ever been signed in on her computer?
So here's the link to my (Matt's) sold order page. You will notice it is identical to your sold order link.


If you are signed in to Etsy, it will show your sold orders. If you are not signed in , it will go to an Uh Oh page. Without a password, there's no way to access a shop, whether it be yours or anyone else.

How she gained access to your customers is a matter best brought up with her. But I see no suspicious activity in your account at all. I hope that helps. Thanks all!

Unfollow username?

Are you sure you want to stop following this person?

Report a post

Thank you for taking time to help Etsy! Please note that you will not receive a personal response about this report. We will review this post privately.

Why are you reporting this post?

Any additional comments?

Edit Post

Edit your post below. After editing, the post will be marked as edited and the date & time of the last edit displayed.

Edit Reply

Edit your post below. After editing, the post will be marked as edited and the date & time of the last edit displayed.

Enter at least 15 characters. 400 remaining.


What is this?

Admin may choose to highlight awesome community posts that are friendly, answer questions, and offer informative links.

What does it do?

Highlighted posts are placed at the top of each page in a thread for greater visibility.