Sunday, August 21, 2011

Sunday Sprinkles-ArtFire Security Breach

***Edit at bottom***



ArtFire FartFire

 (Photo snagged from crazyphoto.com)

 I am not pleased with ArtFire as you can probably tell.

Friday evening one of my favorite shops announced they had just restocked the beloved Black Magic Soap. This stuff is a hot commodity so if you don't jump as soon as it is restocked you may miss out. Anyway while people were trying to check out they got a surprise and NOT a good one. Let me just say that it was NOT the shop owners fault at all. Apparently ArtFire had some issues. Issues that were auto filling peoples shipping information with the wrong info. Not just the wrong info but other customers info, including name, address and email address. As soon as this shop owner was told she checked it out and immediately closed her shop. Again this was NOT her fault and I applaud her for acting so quickly for the safety of her customers. She quickly went to work contacting ArtFire in every way possible and warning others of what was going on and to be careful until it was fixed. I myself tried to make a purchase and was given another ladies shipping information not once, not twice but 3 times that night. So I went to the ArtFire Facebook page and left them my thoughts, there are several others who have posted similar things happening to them.


ArtFire NEVER made an announcement on their fan page about this issue. When I woke up and logged into my ArtFire account I had items in my cart that I know I had not put there from a shop I had never heard of. That means not only had I received someones info but that my info had been shared with another customer. Notice in the above screen shot that was not addressed by ArtFire with me. 

I found a link for the ArtFire forums and saw that the original shop owner had posted there asking for help. In my opinion from what I read she as well as customers were basically treated like it was no big deal.


First of all I don't care if it was 1 cart or 1,000 carts it happened, it doesn't make it any less of a privacy breach. He can say what he wants but I always have logged into my account to buy. Most people I know who shop with ArtFire have accounts and log in to buy. This is a way for customers to keep a better record of their purchases online. So I put his theory into play. No matter what I did I still got another customers info. I used 2 different browsers one as a guest one logged in to my account. I cleared cookies, cache search history, any and every way I could imagine to try to get different results. Every time I got the same results.
 Not only did ArtFire staff have this attitude but so did several shop owners that were commenting in this thread. Which did not leave a good taste in my mouth. As the thread went on the snide rude comments towards potential customers and other concerned shop owners got worse. Even going as far as to bash a seller who because of this "glitch" shipped to a wrong address, and saying we were hysterical and causing a panic that was not necessary.


 Ummm wait a second. Not necessary to notify customers and shop owners that there is a security breach? That is ridiculous to even suggest that information not be made available as soon as it was discovered, and even more ridiculous that ArtFire did not notify their customers of the security breach. I was even personally criticized for not staying in the forums and playing tech support for ArtFire.


Customers were called "bat-shit crazy" by one shop owner. Really???? Wow what a great way to treat a potential customer, or a customer who has had the privacy violated.


Customers were being told that because we use the internet we are essentially asking for our info to be taken.
Now I would like to point out that ArtFire said their patch was put into effect around noon on Saturday.


Then why was it at 6:49pm I was still getting other customers info?


While some may say well that could very well be your info blacked out. I can assure you it is not mine. I personally contacted this girl to let her know that I had been given her info from ArtFires glitch. 

I have provided links above to the different places you can go read this mess for yourself if you choose to. I truly hope that the "glitch" has been fixed for the sakes of everyone involved, especially the customers whose trust and security was breached. 

To those shop owners who criticized, blamed, made customers concerns seem invalid, and excused the lack of security SHAME ON YOU!!!  As a customer I want to know that one of a shop owners main priorities is the safety of my personal information. How would you feel if for some reason a site you trusted to keep your info safe had done this to you? How would you feel if you were the momma who is in hiding from an abusive ex, or the person who doesn't use social networking sites, or even the person who got contacted from a complete stranger saying oh hey I have your info? It is real easy to say well it wouldn't bother me until your foot is in that shoe. Maybe try thinking like you're the customer instead of playing cheerleader for the site administration team.

To the shop owners who stood up for us customers THANK YOU!!! I appreciate that there are good honest people like you out there. It is businesses like yours that deserve to be recognized. I know that you didn't have to stand up for us but you did even with being treated like crap for doing it. You have shown not only myself but many others that you have morals and respect your customers business and their privacy. My hope is that you have double the sales you normally would because of the concern you have shown. Thank you again.


***Edit***
8/23/11- Yesterday I began getting hits on this post linked from ArtFire. When I went to check it out, hoping there were some answers I found this.


Here is the link the hits were coming from click here.
nas·ty  (nst)
adj. nas·ti·er, nas·ti·est
1. a. Disgustingly dirty.
b. Physically repellent.
2. Morally offensive; indecent.
3. Malicious; spiteful:
4. Very unpleasant or annoying.
5. Painful or dangerous
6. Exasperatingly difficult to solve or handle


I will have to disagree with the statement that this blog post is nasty. 
1. It is not dirty, I take pride in keeping things clean. Although some could construe my pooping gummi worm post as being a little on the dirty side. 
2. I don't see it as morally offensive at all. What I do find morally offensive is making a forum thread about my post and not allowing me to defend my stance. Considering what I have had to say is here in the open for anyone to see and form their own opinions on. 
3. What I have posted here is not malicious, I don't intend harm for anyone. My intention were to make my readers aware of a security breach by being open and honest providing them with the links to read and form their own opinions. 
4. I guess to those who were offended by this post it may be unpleasant or annoying. When someone is called out on their behavior it does tend to be a little unpleasant for them. 
5. Painful or dangerous  for someone? Well maybe if you drop your laptop on your foot, or hit a key with that finger that has a hangnail.
6. Sometimes being shown another prospective of a situation can be hard to handle. Mainly because it gives the other person a view of their actions and they may not like what they see or may not want others to see that side of them. That is easy to solve though. A very wise person once told me think twice post once. This is advice I take with each and every post I make here.
What is a Firementor? A Firementor is a group of members who have volunteered their time to help other members either with questions posted here on the forum or privately through email and/or phone communication.  They have the little blue book icon above their posts.
What is a Firementor Forum? It appears to be a forum on ArtFire for a chosen group of ArtFire members to make posts in private.
Obviously some of Firementors feel it is morally ok to make threads in a forum I can not access to discuss me and my blogs content. To each their own I will continue to express my concerns here in the open and hope that my readers will make informed decisions.

 


Peace, Love and Cupcakes

18 comments:

  1. I appreciate you taking the time to put this post together. One of my friends wanted to open an account on Artfire, and after I sent her this, she is no longer too keen on it. I can't believe shop owners went as far to criticize and insult potential customers just because their own personal information was not breached. The lack of concern/respect for the situation is awful.

    ReplyDelete
  2. Thank you for taking the time to read my post Anz. I was and still am rather disappointed in most of those sellers as well as ArtFire. The lack of concern was eye opening for me as a customer.

    ReplyDelete
  3. Thank you for posting about this. ArtFire should not be given a free pass on this. I hate how they are trying to pretend like it's not a big deal and can't even APOLOGIZE. I know it probably won't do much of anything, but I still filed a complaint with the BBB.

    ReplyDelete
  4. Thanks for writing this all out; talk about a nightmare :/ Invoicing customers directly thru Paypal was the LAST thing I wanted to do this weekend, and I totally didn't have time to write anything this verbiose. Well done! I do believe I will link to this post on my blog, if you don't mind? :D

    ReplyDelete
  5. @Jessi I agree. ArtFire needs to step up and take responsibility for this and let the customers and shop owners know what has happened.

    @B Of course you can link to this on your blog. I want to thank you for making your customers aware of the problem. You handled the situation beautifully.

    ReplyDelete
  6. Great post, Christie, & thank you, Becca, for acting so quickly to protect your customers. I read that ArtFire thread last night, & was very disappointed at how cavalier some of those other sellers were towards the security of their potential customers' privacy; as well as the ArtFire admin's own dismissive tone & claiming that they acted upon it "immediately," when they had been notified 13 hours before they claim to have been "looking into it." Didn't many people run from Etsy just for releasing customers' names, & here it included both physical & email addresses? *sigh* Not everyone's info can be found in the phone book, or even online. One comment I saw mentioned something along the lines of (sorry, I'm not logging in again to get the quote, but if it wasn't deleted, I'm sure there's a screenshot that will be posted by someone this week), if you're trying to avoid someone, that's what restraining orders are for; but if someone has a stalker who is so determined that they feel the need to keep their address secret, it's very possible that's the type of stalker who would not give a restraining order much thought. >.>

    ReplyDelete
  7. Thank you for the post. I shall be sharing this info widely. It's awful Artfire didn't apologise and they and some sellers have such a lax attitude toward customer personal information and privacy. I'll be closing my buying account ASAP.

    ReplyDelete
  8. @Miss Jupiter thank you :o)
    You make a good point in your comment. Artfire did not act immediately, and when they did address complaints on their fan page it didn't include an apology which would have went a long way. In fact instead of approaching the complaints on their page I feel they should have immediately addressed the issue by making a status update, tweeting, or even suspending any shopping until they were 100% sure it was fixed.

    ReplyDelete
  9. @Iris thank you for reading. I just felt it was very important to let people know what happened since ArtFire obviously didn't think it was important.

    ReplyDelete
  10. I have to respond to MissJupiter first, to say that anyone who takes restraining orders that lightly needs to shut the heck up. The thing with restraining orders is you have to list your home address, your work address, anyplace you are regularly. Then guess what happens? They give it all to your stalker/abuser/harasser because that person needs to know where they can't go. Surprise, you're not hiding from them anymore!

    Christie - when Becca dropped the news on Twitter, I went looking for a public statement from ArtFire. Needless to say I never found one (and, in fact, STILL nothing on the ArtFire blog!).

    MissJupiter is right, a bunch of people went to ArtFire from Etsy after their security breach. I was one of them. Now I'm going to be looking into closing my ArtFire account.

    ReplyDelete
  11. @Shattered a lot of things that were said in that forum were beyond ridiculous, the restraining order comment being a very good example. I also have been keeping my eye open for a public statement from ArtFire that this happened and have found nothing. I followed a few sellers when they left Etsy to go to ArtFire, and it makes me sad that they are now having to once again move. I wish all of the sellers the best of luck in finding a place that they are comfortable with.

    ReplyDelete
  12. This was a major breach of security and probably why artfire admin would like to keep it as low profile as possible. The potential fallout from releasing someones personally identifiable information goes well beyond losing sellers and buyers. Artfire is lucky they are not very well known. Most of those sellers are completely clueless as to what PII is, the seriousness of this and that it could have devastated the site - while that would be a worst case scenario, certain agencies take the the release of PII very, very seriously.

    ReplyDelete
  13. Christie, you're my hero for posting this stuff. I won't be shopping Artfire again, and to make it perfectly clear why, for those hiding in their private forum- it's not because Artfire had a "glitch", "security breach", what-have-you. It's because of the attitude that concerned shop owners received from Artfire and other sellers. I am appalled at the cavalier attitude and insults offered. I will take my "bat-shit crazy" money and shop elsewhere.

    ReplyDelete
  14. @Anon- Thank you for your comment. I am glad to see that I am not the only one who sees this as a serious issue.

    @Amanda- I'm no hero :o) just a customer who thinks that people deserve to know the truth.

    ReplyDelete
    Replies
    1. HEYYYYYYYYYY Mommy, Hannah

      Delete
  15. Thank you for the info. I'm definitely not keen on shopping in Artfire after this and other things and especially, because of their reaction to such serious issue.

    ReplyDelete
  16. I saw the thread the COO Tony Ford posted in, to the seller's customers who had come to the AF forums very upset. His answers to them was, it was only your names and address, not financial info., this stuff happens.

    One of the helpful mavens said it was "no big deal". I believe the seller and her customers were very very frustrated by the obtuse people they encountered. I was sickened by what I saw happening. I closed three shops that day. I did not want my customers handled like that ever by this team of mental giants.

    ReplyDelete
  17. Can you tell how to catch a stalker.

    ReplyDelete

Labels

3 cupcakes (1) 5 cupcakes (7) adopt a dog (1) American Apparel (1) American Apparel polish (1) Andrew Compton (3) Angel (1) ARC (1) ArtFire (1) bad business practices (1) Barielle (1) Barry M (1) beagle (1) birthday (1) Black Friday (1) black polish (1) blood work (1) Boston bombings (1) breast cancer (1) brown polish (2) bullying (1) buyer beware (2) buyers warning (2) Cadence (1) CandleLynn (1) Caylee (1) challenge looks (2) Charm Factory (2) China Glaze (3) Chocolate (1) Christmas (2) Connecticut shooting (1) crelly polish (3) Cupcake inspired (2) Cupcake kitchen (1) cupcakes (1) curls (1) Darling Clandestine (2) dating (1) Delightful Incense (1) depression (1) discount (1) Dollish Polish (1) Dots (2) Easter (1) Ecigs (1) Essence polish (1) Evil Shades (3) eyeballs (1) facebook giveaway (1) family (3) Fantastic Faces (3) fast dry polish (1) Fathers Day (1) FDA (1) Finger Paints polish (1) Food (1) foster parent (1) Friday Freak Out (1) Friday Night Nails (1) friends (2) frizz (1) Fur babies (1) gall bladder (1) Geek Chic (2) gifts (1) glitter topcoat (8) Glitz'd 23 (1) goals (1) gold glitter polish (1) Gold nail polish (1) Gold polish (1) green glitter polish (1) Green Polish (2) grey polish (1) group challenge (2) guest post (1) hair (1) Handmade (7) Hannah (5) health (1) Hit Polish (7) hologlam 2013 (1) Holographic (1) holographic glitter (2) Holy Grail (1) in memory (1) indie cosmetics (2) indie polish (13) jelly polish (1) Jindie Nails (1) Kadie (2) KBShimmer (2) kids (1) Kunimitsu polish (1) Lady Grenade Cosmetics (1) laugh (1) leave in conditioner (1) Lipsticks and Lightsabers (1) Little Mouse Ears (1) Lynn (1) mani (1) me (1) memories (1) mental health (1) mental illness (1) Missy's Tempting Tarts (1) mold (1) mom (1) Monday Morning My Way (2) nail art contest (1) nail polish (9) Nail polish pal (2) nail tragedy (1) necklace (1) Neon (3) Nerd Lacquer (1) neutral polish (1) new year (1) Nina Pro (1) Northern Star Polish (1) Not Making It Up (2) NTMS2 (3) OPI (4) Orange A Peel (1) orange polish (2) Orly (2) other giveaways (4) Painted Lady Fingers (1) Parnevu (1) Patch (1) Peanut (1) Phyrra (1) pink polish (1) platinum (1) polish budget (1) polish remover (1) Prize (1) Pure Ice (1) purple polish (1) Rag Doll Bath and Beauty (1) Random (2) Ray (1) red glitter polish (1) red polish (1) review (1) RLR Creations (1) Rockeresque Beauty (1) Rosie (1) Ruby White Tips (1) sad (1) sales (4) Sally Girl (1) Sally Hansen (1) Santa nails (1) secret Santa (1) Shop your stash (1) Sierrah (3) Silly Lily (2) silver glitter polish (1) Simply Sweet Skin (2) Sinful Colors (2) Sinful Scents (1) Skin Food (1) Skittlezz (1) soldier (1) Sophie (1) Spring 2013 (1) Sunday Sprinkles (15) Support (1) swatches (1) Target (1) Taupe polish (1) Team Pinkeye (3) tragedy (1) Unsafe (1) Valentines Day (1) violet nail polish (1) Whimsy Beading (3) white nail polish (1) why (1) winter nails (1) Working Together Wednesday (9) worms (1) Yellow polish (1) Zombie Flesh (1) Zoya (3)