Ohhh, Artfire

Over the weekend Artfire had a security breach which resulted in the leak of customers private information to other customers.  While this doesn’t seem ALL that bad, any security breach at all is an issue and Artfire doesn’t seem like they are going to own up for it and make a public announcement.  They claimed at first it was only as many as 100 customer’s information released.  Now Tony, the whoever he is, claims he sent notices to the ‘thousands’ affected.  To date, I still have not gotten an email, however, I WAS affected.  Someone shopping for their mother’s birthday made a rather large purchase and as they clicked through, my shipping information was sent to the shop.  The shop then shipped the item.  TO ME.  Also, an email is NOT a public statement, especially when it fails to reach those actually affected.  Tony’s rationalization about this?

Correct:   People who saw different info were not the affected parties. It is the shipping info owner who was affected, so they were the group we emailed to.   More specifically, because we could not determine fully who exactly comprised the group, we emailed people ranging from 24 hours before it was reported to well after it was patched.

For those who feel a public statement should be made, I would assert that doing such a thing is irresponsible.  It is correct and responsible to notify and apologize to the parties affected, which we did.  This is standard industry practice in  marketplaces and even in banking and medical fields.

It would be irresponsible to create uncertainty for the remaining 99% of shoppers who can not possibly be affected.  Doing so increases shopper uncertainty.  Uncertainty reduces sales.  That is a negative outcome for our sellers.

At the end of the day I have a responsibility to our sellers.  This includes a responsibility to fix the issue as quickly as possible once we were aware of it, a responsibility to contact those affected and apologize in a way that makes it clear the sellers were not at fault and a responsibility to minimize the uncertainty impact on unaffected shoppers.

Thanks.

This clearly states that Artfire is more concerned with the profits of the sellers than anything else.  Many sellers/shops on the forum made comments that basically dismissed buyers fears.  At one point some very short sighted seller made the claim that everyone’s info is online and SHE doesn’t ‘hide from bill collectors’ so she doesn’t understand why anyone would care if anyone else had their name, address, and email.  What?  Really?  First of all that is very insulting.  Second of all… no, MANY people’s private info is still very much private.  As someone who has had a stalker and had to file charges and sit through court because of this, I am APPALLED that people take the lack of security measures and the lack of a proactive response so lightly.  At one point they actually seemed to be blaming a victim of the leak for not sitting RIGHT at her computer to report that the information had been fixed.  And while Artfire claimed it HAD been been fixed, the information was still available hours after they claimed they’d corrected the mistake.  Then?  The sellers who have some sort of ‘elite’ status with Artfire took it upon themselves to start a private thread which I can only assume is mocking the concerns of those affected.  Really, Artfire?  You condone this?

One seller states The whole event is now history, the bug has been repaired.  This is not true, it’s not ‘history’.  I know that the seller who I dealt with who was affected by this has a few outstanding packages that need to be returned to her and she’s since decided to stop crafting because she was basically demeaned (although she was never named personally) as being a bad seller for not GOOGLING HER BUYERS ADDRESSES herself because she trusted the Artfire information to be correct.  She may well be out a bit of money.  For something that is now ‘history’, I have no idea why then I’m taking time out of my schedule to deal with this or indeed, why a few responsible sellers I know are now dealing with manual invoices because they closed shop for the time Artfire was affected.

You can read several posts about it:

Here

Here

You can read the thread on Artfire where the concerns were dismissed here.

Needless to say I will NOT be setting up shop with Artfire and I’m now even MORE behind in both time, effort, and funds.  While no, I’m in no way claiming that right now it is unsafe to shop with Artfire, I’m just saying this does NOT sit well with me as a potential seller myself.  Since Artfire has no interest in publicly posting regarding the security breach, I thought I’d take the time to mention it myself in case any of my 1,500+ readers were on Artfire over the weekend and not notified.

But no, I guess this really WASN’T all that big of a deal, huh. /sarcasm

So, does anyone else have any suggestions for me?

I’ve put WAY too much into setting things up (including paying for graphics, supplies, shipping, etc etc, sewing samples, creating templates, finding sources) to walk away from my project, but I sincerely don’t want to have to set up another domain and have to administer my own shop.  I really wouldn’t be able to devote enough time to that to ensure things like these breaches don’t happen.

Advertisements

26 Responses to “Ohhh, Artfire”

  1. Seriously, eff Artfire so freaking hard, man. Ugh.

    I recommend you check out BigCartel or Zibbet- LOTS of Etsy sellers migrated to Zibbet during the forum closure, so there’s that. I believe Zibbet is also free, whereas BigCartel is not but it can be made to look SO pretty. Failing either of those options, or doing a WordPress blog/shop thing, I think that even Etsy is more appealing as a place to set up shop these days. Despite their fees and crap treatment of all users, both buyers and sellers, at least they never sent anyone other people’s full names, home addresses and emails. :/

  2. Many crafters who don’t wish to deal with either Etsy or Artfire have set up shop on Zibbet.

    http://www.zibbet.com/

    Others have set up on BigCartel. http://www.bigcartel.com/

    Still others have gone for Shop Handmade. http://www.shophandmade.com/

    My only beef with Shop Handmade when it originally launched was the time and web pages they devoted to bashing the other selling venues. I’m not a huge fan of Artfire, but it left a bad taste in my mouth.

  3. I second Zibbet. Between Etsy’s breach of customer info/sales of info BS and muting/account deleting of anyone who says a bad word about them, and ArtFire’s apparent constant fuckery by going back on TOU, previous sitewide statements, and failure to inform customers and sellers alike of the latest scandal, I’m moving on.

    Creative Breakroom, a handmade community forum, recommended that I check out making a site on Weebly.com and maybe try Zibbet (where I’ve had an account since about the time they opened) and a few other places. Actually, they have a subset forum talking about the highs and lows/user reviews of various outlets. Maybe you should check it out? http://creativebreakroom.com/viewforum.php?f=4&sid=2435e0048d378f305c18b0b2f3e0ee4f

    • Is it just me, or some of the people on that forum drinking the ArtFire Kool-Aid? I see people blindly believing the junk ArtFire said about the bug being fixed immediately, that everyone affected was notified, et cetera. Not okay!

      • What I find is amusing it the one seller who kept insisting that they knew EXACTLY who was affected and they were notified and yet Tony CLEARLY states a few times they had NO IDEA how many might have had their info compromised.

  4. WTF. It’s like etsy all over again. With an additional dose of snob.

    I have no suggestions for you, though the ones people are posting up here seem decent. I wish you the very best of luck. I’d love to see a decent online shop-hosting site crop up and support your crafty outlet :/

  5. Before all this, I’ve avoided ArtFire because I absolutely hate their web design. It’s just awful and not user friendly. However, I made a purchase a few months ago; OHWTO set up shop there so it was the only place for me to buy.

    Is there any way to find out if my information was compromised?

  6. I was a big proponent of Artfire after the Etsy privacy bust, and this “minimal problem” infuriated and upset me. Not just the handling of it, but also the rudeness and real nonchalance and ignorance of the sellers that brushed it off and were more consumed with their own jealousy to address legitimate concerns of frequent Artfire customers.

    Without going into too much detail, but as someone who’s been legitimately stalked, I am really upset with how this was dealt. I am also someone who likes to shop online; sue me! Just because it doesn’t affect YOU, doesn’t mean it’s not an ISSUE. If it happens to one person or 10,000, it’s still a HUGE problem. With my past experience, I’d have been really, REALLY enraged and scared if my address were to pop up in someone else’s form.

    Thank you for writing this post. I won’t be shopping there anymore.

    I hope you can find a good solution for your own shop, so we can start buying your lovely creations! I have shopped on Zibbet before and had a good experience.

  7. Talk about not learning anything from other people’s mistakes.

  8. I’m closing my Artfire shop due in part to this issue, and will be using a WordPress setup while my own site is in the process of being set up. I’ve heard good things about WP; that checkout is easy to manage and customization doesn’t require a lot of coding skills. I’ve also heard good things about the host Haus of Gloi uses for their stand-alone shop.

    Of course, I have the advantage of selling vintage, which makes keyword searches a lot more specific than with handmade (someone searching Simplicity 4456 Bust 32 is going to get a heck of a lot fewer results than someone searching Sterling Silver Bracelet!) and will make a stand-alone site easier. For handmade, I would probably choose an existing site like Zibbet, eCrater or Big Cartel if you don’t want to bother with a hosted stand-alone, or at least use one of those until you’ve built up enough of a following to move to a hosted site (which you may well already have!).

  9. I was affected…even though I didn’t order anything -because when I was going to checkout, my shipping info was pre-filled with someone else’s- I got the bug in my customer experience. And I’m not sure if someone else got my info, which really concerns me. I give a fuck if customer private info is actually available for everyone: my street adress and some other stuff isn’t public for many people and I’m very careful about whom I give it to, so this is just bullshit.
    I can’t believe they just decided not to make an apologie, even if 0,05% of the customers were affected they must assure security for ALL their customers, even if it’s a small range.
    This is so amataur of them, I’m really pissed off.
    And I’m really sad for those sellers who shipped their stuff and spent time and money; this is not only crashing ArtFire’s reputation but also the seller who has to explain their customers that they did all wrong because the system had a bug. I just can’t believe Tony FartFire is actually laughing about all this and saying it’s “history” now.
    Bite me, FartFire.

  10. I moved to Zibbet when ArtFire announced they were eliminating the Basic accounts. Zibbet has made multiple announcements explaining why they intend to keep their Basic accounts and has welcomed ArtFire and Etsy migrations with open arms. It has a very slight learning curve, it is set up differently from Etsy and ArtFire, but I don’t have any complaints (and it’s still easier to use than ArtFire’s new layout).

    As for ArtFire, after reading that they think making a public announcement *coughapology* is “irresponsible,” I have no scruples about sharing my supposedly confidential (can you say thinly-veiled threat?) email response to my complaints and request to close my account, if you’d like to see them. To sum it up, I got a few seconds of BS and my concerns ignored.

  11. How arrogant…. I’ve never shopped with ArtFire or anything, but dismissing the issue in that manner is simply reprehensible, morally and as a business.

  12. Awhellnaw. I’d been an ArtFire supporter since Etsy.. well, y’all know Etsy. Between this and the removal of basic accounts, I’m pretty sure they’re as good as gone. I’m certainly not going to pay them now.

  13. Wow. First Etsy, now this. I don’t think I was affected, but I’m still worried about shopping on Artfire :/

  14. I don’t have any suggestions for you but this is horrible! I was thinking of ordering from Antoinette’s Revolution Cosmetics but started leaning toward not ordering because I had heard about this. Now I’m REALLY glad I didn’t order.

  15. I am appalled at the reaction of Artfire and some sellers regarding this breach. As someone who values their privacy it makes me LIVID that anyone would either dismiss any concerns or worse buy into a blame the victim mentality.

    I wrote to Artfire after this to give them a chance before proceeding with the followup post to Complaints. I had hoped that the furor over the handling of the situation would have sparked some sort of mea culpa. The response I got to several very specific questions was a carefully crafted PR email that said they’d be willing to send me the email they sent to affected customers and did nothing to actually answer my questions. Artfire has a huge rug apparently because they are working very hard to sweep this under it.

    It is unacceptable. I am sending my email to delete my account tonight and will be posting the followup, including an examination of the Artfire Privacy Policy which they seemingly violated with this breach. I don’t expect people not to shop there but I do expect people to be able to know their rights and what they are giving up by even going to the site.

  16. This is astonishingly shitty of them. I am, however, pretty delighted to see you getting all stompy and sarcastic Grey. You should do it more often 😀

    • I’m right pissed. I put SO much time and money into setting up there that it hurts that they screwed up like this.

      • I’m sorry 😦 I hope you salvage it and setup successfully somewhere else. I got my package yesterday, thank you SO MUCH. I love everything! Royal Mail decided to utterly destroy one of the W’n’W colours but luckily it was the least-pretty one in the palette, so there’s that. I love the liner, too, it makes me wish I could easily get W’n’W here. It’s really soft but surprisingly smooth and drag-free.

        Also I want to cover the extra shipping, since I saw the label and know you hugely undercharged, but idk how to just send money with Google Checkout so can you invoice me for $5?

  17. This is upsetting for all involved..I’m really leery about buying things in the internet anyway..this makes me want to steer clear.

  18. I know this was a while ago and you;’ve had lots of helpful comments already, but if you’re still looking for a platform to sell on I would highly recommend Storenvy. I’m in the process of setting up my own shop right now and really love it. It’s entirely free, you can put up as many items as you like and get 5 photos per item, the stores are customisable so you can design your own colour schemes and things, they have a free facebook app so you can sell through your page, you can put your store into ‘maintenance mode’ while you’re working on it so noone can buy anything before you’re ready and you can list different ‘varieties’ (like colours or sizes) on the one item (unlike on Etsy where you’d need to list different sizes separately). 🙂

  19. I wonder how many sellers have yet to have packages returned to them that were sent to random people? Maybe Artfire should pay for the packages that don’t get returned, since it was THEIR fault they got sent to the wrong people!

Trackbacks/Pingbacks

  1. Persephone Minerals Sailor Mars Collection Review & Swatches | The Pretty Exclusive. - August 24, 2011

    […] the Artfire debacle (explained here very eloquently by Grey), I stopped by Persephone Mineral’s new shop and picked up a sample set of the Sailor Senshi […]

  2. Monday morning blahg - August 29, 2011

    […] Grey wrote a bit about Artfire’s giant privacy failure, linking to some other great blogs. This entire thing just tires me out, and it’s like Etsy all over again, and I don’t want to shop with Artfire even though many of my favourite sellers sell there because Artfire are douchenuggets and refuse to own up to their mistake, constantly belittling the problem. Also, I’m afraid I’d end up shopping with one of the people in the infamous thread licking Tony’s asshole and calling the people who got their privacy or their customer’s privacy compromised “batshit crazy” (Cupcake’s Quirky Corner). […]