eBay Says Etsy Is Wrongity Wrong To Blame It For Spam Problems

Yesterday, we reported that the craft honchos who run Etsy have noticed an increase in hijacked accounts sending out spammy messages, and they put at least some of the blame on users with the same passwords on both their Etsy and eBay accounts. However, eBay counters that this is not their fault, since unencrypted passwords weren’t part of last month’s account data breach.

EcommerceBytes brought this news to our attention yesterday, pointing to a blog post from Etsy that puts at least some blame for the spam on recent prominent user info breaches, explaining that a breach at one site puts others at risk because people are lazy. “Whenever this happens, it can put accounts on other websites that have not been attacked at risk, especially if the same login information has been used across multiple websites,” the company’s VP of Technical Operations blogged.

Not so fast, eBay says: the baddies got customer data by breaking in with employee credentials, but not passwords. Customer passwords are encrypted and an employee couldn’t see them. An eBay representative told EcommerceBytes that everything is just fine on their end.

“We see no evidence at all of fraud activity and there are normal levels of buying and selling on our site,” the eBay rep wrote. No unusually rampant message-spamming or account-hijacking over at eBay.

Of course, all of this finger-pointing just brings one important issue to the spotlight: you should devise strong and varied passwords for each different sites that you use.

eBay Pushes Back on Etsy Hack Claims [EcommerceBytes]

Read Comments1

Edit Your Comment

  1. furiousd says:

    As noted by XKCD’s Randall Munroe, a long and unique password for each account is necessary. The definition of “Strong” changes so many times based on the site it’s helpful to look at what truly makes a strong password.

    http://xkcd.com/792

    http://xkcd.com/936