Hi I am Louise and I run The Personalised Map Company where I specialise in unique map prints for milestone moments. I make star map constellations and geographical prints for gift giving such as weddings, anniversaries, Father’s Day and Christmas.
I run my business on a number of platforms including Etsy.
What to do when your Etsy shop has been hacked
Signs you Account has been hacked.
On January 3rd 2023 my etsy shop was hacked. After fulfilling several orders upon returning from the holidays, I left a few more outstanding to be fulfilled the next day. The next day I couldn’t get into my shop with my normal log ins. I discovered that my Etsy shop of 9 years, had been hacked and the hackers had changed the email address, logins, bank account details, and sent 200+ unauthorised orders via other hacked etsy accounts. Etsy flagged the activity and closed my shop for customer protection. I totally get this.
However, I wasn’t expecting what happened next! It has been so stressful and overwhelming.
First of all, It took me hours to be able to find info on how to contact etsy directly. Then days later someone shared the call back request link, which I am eternally grateful for! But this gave the hackers a head start on me! If you need the info I found, you can contact etsy without an account via these two ways.
What to do if you have been hacked on Etsy.
You can use this link to contact Etsy in writing for any reason – including when locked out of your account
You can request a call back here – but can only do it from a desk top / laptop
Second thing that shocked me was that Etsy has no specific department for fraud or hacking for shop owners. You have to go through general customer service’s which is fine but when your shop has been suspended or close, you don’t have access to that easily and it takes time you don’t really have to find the info.
Once I rang them, I thought I would be able to speak to someone in the right department…nope! They offer a first contact telephone service. Ask your name, take your query or complaint, tell you they are empathic or understand and then tell you they will email the correct department on your behalf and someone will be in touch. I had the same scripted responses each call and I must have called around 7 times in 6 weeks. Even when I burst into tears through the stress of the situation that I had no money to pay my bills, all I got was ‘yes I understand’. I asked to make a formal complaint, which I was told that the only complaints process is with the person on the end of the phone there and then., They have no formal complaints department and Ive had no reply to my complaint.
Third thing that shocked me was even when I got a response from etsy. They would link the convo to my old hacked account and the hacker could see and respond to that message. Once we had both replied, that was it, etsy left the conversation. I had to start contact all over again. And so did the hacker.
At two points the hacker even got into my account again. First time they started removing listings and putting their own up. I complained and asked for it to be restored. Etsy restored my old listings and on the 3rd time the hacker just opened my shop and STARTED PROVIDING CUSTOMER SERVICE TO QUERIES! whilst taking customer orders being deposited into their bank account but not fulfilling orders! I ended up messaging through the form every 3-4 days to tell them not to give my account back to the hackers, with a brief summary of the situation, so that there was always something in their pipeline, and I was complaining that it belonged to me.
On the 15th of February I eventually got full control of my account. However I still can’t change the bank account from that of the hackers! So that’s the next task, and it’s currently been 3 weeks without any reply back.
I’ve started the customer service route all over again and it’s been 4 weeks without a reply or resolution.
How to prevent hacking before it happens
Please set up 2 factor verification on etsy, be you a shop or a shopper, it will save you heartache and stress in the long run. Yes it takes 30 seconds longer to log in each time, but it means your details ( be that name, address, date of birth, bank details, log ins, what ever!) need to have 2 passwords instead of one.
Think about all the places that you use that could allow access to bank details and Make sure you have 2 step verification set up there too. Think about
Bank logo ins
Accounts where you store bank data ( or don’t store your bank data, much better)
Social media accounts
Keep your cyber security up to date, turn your devices on and off again regularly to allow it to. Use a virus protection on all devices, most include smart phones now too.
Set up strong passwords, don’t use words or personal data that can be guessed, use random letters, numbers and a password saver to collect and protect them.
being wary of suspicious emails or messages, don’t click on their links if you suspect anything is wrong.
I really hope this covers the key factors I have gone through in getting my shop back, and that they can help you if your shop has been hacked, or even better in preventing your shop from being hacked in the first place.
I got my full shop back on the 24th of March – some 12 weeks later – I reflected back on this time here