As part of our ongoing commitment to keeping the Etsy community safe, we want to make you aware of a situation we are monitoring closely. Over the last few days, Etsy’s security and risk teams have been tracking an increased volume of convo spam.
If you have been following the news recently, you may have seen that a number of high-profile websites have suffered security incidents. These attacks unfortunately resulted in a large number of usernames and passwords from those sites being compromised. Whenever this happens, it can put accounts on other websites that have not been attacked at risk, especially if the same login information has been used across multiple websites.
It’s important to note that Etsy has no indication that we have suffered any compromise, and that your financial information and credit card data remain secure. Despite this we wanted to take a minute to remind you what you can do to help keep your Etsy account as secure as possible.
We recognize that some Etsy members use the same usernames and passwords across multiple sites, and that they may have been victims of the recent attacks aimed at other websites. We currently believe that the uptick in convo spam that we are seeing is a direct result of usernames and passwords stolen in other attacks being used to sign in to some Etsy members’ accounts.
If you share usernames and passwords across multiple sites, we strongly recommend that you take the following steps to protect your Etsy account(s):
- Change your password to a new, secure password. (Read this help article.) You should do this any time another site you use is found to have been compromised, especially if you’re using the same username or password elsewhere.
- Enable two-factor authentication, which adds an extra measure of security in addition to your password. (Read this help article.)
- Enable sign-in notifications if you are concerned about unwanted activity on your account. If Etsy detects anyone signing in to your account from a new browser or device, you will get an email notification. And if you are signing in via a new browser or device, you’ll be given the option to add it as a trusted device. (Read this help article.)
Our team of security and operations engineers are always monitoring the site for bad actors and risks caused by events happening outside our community, and strive to ensure that your information stays safe. We take every report seriously, and in addition to thorough review of each case, we’re always working hard to develop new ways to automatically detect risks and protect our members.
If you do see convos you don’t recognize, be cautious of following any links they may contain, and please help your fellow members by marking them as spam. To do so, select the message and click “Report Spam.” This will send the convo to your spam folder, as well as a report to Etsy so we can improve our filters.
If you’re concerned that your account may have been compromised or have any questions about extra precautions you can take to make your account as secure as possible, please contact us.