On Wednesday, Etsy was rocked by a massive security breach that resulted in the personal information of some 100 million users on the social media website.
The incident, which was initially described as a data breach, has since become the subject of a Reddit thread on the popular platform, where users have started discussing the “epic” data breach.
“As a community, we all want our information to be safe and secure.
The way this happened was extremely unexpected, and we are incredibly grateful to everyone who was affected,” the company wrote in a blog post about the breach.
“We are doing everything we can to make sure our users are safe in the future.
Etsy is a company dedicated to supporting the security of our users’ information, and it is important that all of our employees, customers, and partners have complete confidence that our data is safe and secured.”
Etsy said it has updated its privacy policies to remove the terms of service that have previously prohibited the company from sharing users’ personal information, such as their email addresses.
Etsy said it will be “continuing to work with our community and users to resolve this situation as quickly as possible.”
“While we are deeply sorry for the impact this breach has had on our users and on our community, Etsy is committed to making our community even safer and more secure than it already is,” the Etsy post continued.
“The security of Etsy users is our highest priority, and in addition to being an independent company, we have a strict zero tolerance policy for unauthorized access to our data.
We will continue to monitor this situation closely.”
According to the New York Times, the breach could have been caused by an unpatched vulnerability in Etsy’s API, which allows third-party websites to communicate with the site.
Etsy says that the vulnerability has been fixed, but that it has not identified the vulnerability or what kind of attack was responsible.
“As we discovered the vulnerability, we immediately began testing new and better ways to protect our customers’ data,” Etsy wrote in its blog post.
“In the coming days, we will be updating our API to better protect against attacks.”
The company has been criticized for not having a robust internal security process for the site, which allowed third-parties to access data and install malicious software on customers’ computers.
Etsy had previously said that it would implement a “back door” into the API that would prevent third- parties from accessing the personal data.
After the breach, Etsy said in a statement that it had “a zero tolerance approach” to cyber security.
“We took immediate action to mitigate the risk of a breach and have been working closely with our vendors and partners to provide a more secure environment for our customers,” the statement said.
“While we have not identified any specific vulnerabilities, we are taking additional steps to improve our security and will share additional information as we know it.”
“We’re extremely thankful for the tremendous support of our community,” Etsy said.
Ebay also confirmed that a vulnerability in the marketplace’s API was exploited, though it did not name the vendor.
Amazon, Google, eBay, and other large online retailers all released statements about the incident.
eBay also confirmed a data compromise, but did not provide more details.
“The company is taking steps to address the issue as quickly and effectively as possible and will provide more information as it becomes available,” eBay said in an emailed statement.