Etsy
Company Details
Linkedin ID:
etsy
Website:
Employees number:
9,103
Number of followers:
319,353
NAICS:
5112
Industry Type:
Homepage:
etsy.com
IP Addresses:
0
Company ID:
ETS_3113189
Scan Status:
In-progress
Etsy Company CyberSecurity Posture
etsy.com
Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. Etsy Inc. employees – whether a team member of Etsy or Depop – tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human. Founded in 2005, Etsy is headquartered in Brooklyn, NY with additional offices in Dublin and Mexico City. As of December 31, 2024, our marketplaces connect 8 million active sellers – including over 5 million on Etsy.com, 80% of whom are women – and 95 million active buyers in nearly every country in the world. In 2024, we facilitated over $12 billion in transactions.
Etsy A.I CyberSecurity Scoring
Etsy Risk Score (AI oriented)Between 700 and 749
Etsy
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Etsy Global Score (TPRM)XXXX
Etsy
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Etsy Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Etsy
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Over 1.6 million files containing personally identifiable information, such as full names, home addresses, email addresses, and shipping order details, have been discovered online. These files, allegedly belonging to customers of Etsy, Poshmark, and TikTok Shop, were found in two unsecured Azure Blob Storage containers. The exposure puts customers at risk of social engineering attacks and potential financial loss. The origin of the datasets is unknown, but it is suspected to be from a Vietnamese-based embroidery service. The risk includes cybercriminals impersonating trusted shipping providers or Etsy itself to deceive victims into revealing personal details or making payments.
Etsy Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Etsy
Incidents vs Software Development Industry Average (This Year)
No incidents recorded for Etsy in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Etsy in 2026.
Incident Types Etsy vs Software Development Industry Avg (This Year)
No incidents recorded for Etsy in 2026.
Incident History — Etsy (X = Date, Y = Severity)
Etsy cyber incidents detection timeline including parent company and subsidiaries
Etsy Company Subsidiaries
Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. Etsy Inc. employees – whether a team member of Etsy or Depop – tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human. Founded in 2005, Etsy is headquartered in Brooklyn, NY with additional offices in Dublin and Mexico City. As of December 31, 2024, our marketplaces connect 8 million active sellers – including over 5 million on Etsy.com, 80% of whom are women – and 95 million active buyers in nearly every country in the world. In 2024, we facilitated over $12 billion in transactions.
Loading...
Etsy Similar Companies
Siemens Digital Industries Software
We help organizations of all sizes digitally transform using software, hardware and services from the Siemens Xcelerator business platform. Our software and the comprehensive digital twin enable companies to optimize their design, engineering and manufacturing processes to turn today's ideas into th
Tencent
Tencent is a world-leading internet and technology company that develops innovative products and services to improve the quality of life of people around the world. Founded in 1998 with its headquarters in Shenzhen, China, Tencent's guiding principle is to use technology for good. Our communication
SS&C Technologies
SS&C is a leading global provider of mission-critical, cloud-based software and solutions for the financial and healthcare industries. Named to the Fortune 1000 list as a top U.S. company based on revenue, SS&C (NASDAQ: SSNC) is a trusted provider to more than 22,000 financial services and healthcar
Walmart Global Tech
Walmart has a long history of transforming retail and using technology to deliver innovations that improve how the world shops and empower our 2.1 million associates. It began with Sam Walton and continues today with Global Tech associates working together to power Walmart and lead the next retail d
Dassault Systèmes
Dassault Systèmes is a catalyst for human progress. Since 1981, the company has pioneered virtual worlds to improve real life for consumers, patients and citizens. With Dassault Systèmes’ 3DEXPERIENCE platform, 370,000 customers of all sizes, in all industries, can collaborate, imagine and create
Amazon Fulfillment Technologies & Robotics
On the Fulfillment Technologies & Robotics Team, we build dynamic partnerships between people and intelligent machines. This intricate collaboration helps Amazon fulfill orders with unmatched accuracy. Since we began working with robotics, we've added over a million new jobs worldwide. Working in s
Xiaomi Corporation was founded in April 2010 and listed on the Main Board of the Hong Kong Stock Exchange on July 9, 2018 (1810.HK). Xiaomi is a consumer electronics and smart manufacturing company with smartphones and smart hardware connected by an IoT platform at its core. Embracing our vision
Cadence
Cadence is a market leader in AI and digital twins, pioneering the application of computational software to accelerate innovation in the engineering design of silicon to systems. Our design solutions, based on Cadence’s Intelligent System Design™ strategy, are essential for the world’s leading semic
Founded in 2003, LinkedIn connects the world's professionals to make them more productive and successful. With more than 1 billion members worldwide, including executives from every Fortune 500 company, LinkedIn is the world's largest professional network. The company has a diversified business mode
.png)
Etsy CyberSecurity News
January 14, 2026 03:33 PM
Handmade by Amazon is ready to take on Etsy
Amazon has become the one-stop online shop for just about anything you might want. Now the retail giant is adding another string to its bow: handmade,...
January 10, 2026 08:00 AM
Cybersecurity experts are warning of scam password reset emails targeting Instagram users.
January 06, 2026 08:00 AM
Is Emerson (EMR) Quietly Reframing Its Industrial Edge Around Cybersecurity And Compliance Capabilities?
In late 2025, Cybeats Technologies Corp. announced a three-year contract expansion with Emerson, extending and scaling Emerson's use of the...
November 05, 2025 08:00 AM
Does the Recent Cybersecurity Partnership Make Qualys an Attractive Prospect in 2025?
Wondering if Qualys is really worth its current price tag? You are not alone. It pays to dig into what drives the stock's value before...
October 31, 2025 07:00 AM
50+ Amazing Business Opportunities for 2026
Uncover the most exciting business opportunities with 50+ profitable ideas—from online shops to service ventures—using proven ecommerce...
October 20, 2025 07:00 AM
AWS Outage: A Complete List Of Every Site And App That Went Down
A major AWS outage today has caused a global outage, taking down a significant portion of the internet. The Amazon Web Services being down...
October 03, 2025 07:00 AM
7 Important Small Business Trends (2024-2026)
You may also like: Key Business Trends · Massive Investment Trends · Huge Cybersecurity Trends · Almost 5.5 million new businesses were...
September 30, 2025 07:00 AM
OpenAI Ventures Into E-Commerce With ChatGPT 'Instant Checkout'
OpenAI launches Instant Checkout in ChatGPT with Stripe, Etsy, and Shopify merchants, opening a new chapter in AI-powered commerce.
September 30, 2025 07:00 AM
OpenAI’s ChatGPT now lets users buy from Etsy, Shopify in push for chatbot shopping
NEW YORK (AP) — OpenAI is turning ChatGPT into a virtual merchant that can help sell goods for Etsy and Shopify as the artificial...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Etsy CyberSecurity History Information
Official Website of Etsy
The official website of Etsy is https://http://www.etsy.com.
Etsy’s AI-Generated Cybersecurity Score
According to Rankiteo, Etsy’s AI-generated cybersecurity score is 705, reflecting their Moderate security posture.
How many security badges does Etsy’ have ?
According to Rankiteo, Etsy currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Etsy been affected by any supply chain cyber incidents ?
According to Rankiteo, Etsy has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Etsy have SOC 2 Type 1 certification ?
According to Rankiteo, Etsy is not certified under SOC 2 Type 1.
Does Etsy have SOC 2 Type 2 certification ?
According to Rankiteo, Etsy does not hold a SOC 2 Type 2 certification.
Does Etsy comply with GDPR ?
According to Rankiteo, Etsy is not listed as GDPR compliant.
Does Etsy have PCI DSS certification ?
According to Rankiteo, Etsy does not currently maintain PCI DSS compliance.
Does Etsy comply with HIPAA ?
According to Rankiteo, Etsy is not compliant with HIPAA regulations.
Does Etsy have ISO 27001 certification ?
According to Rankiteo,Etsy is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Etsy
Etsy operates primarily in the Software Development industry.
Number of Employees at Etsy
Etsy employs approximately 9,103 people worldwide.
Subsidiaries Owned by Etsy
Etsy presently has no subsidiaries across any sectors.
Etsy’s LinkedIn Followers
Etsy’s official LinkedIn profile has approximately 319,353 followers.
NAICS Classification of Etsy
Etsy is classified under the NAICS code 5112, which corresponds to Software Publishers.
Etsy’s Presence on Crunchbase
No, Etsy does not have a profile on Crunchbase.
Etsy’s Presence on LinkedIn
Yes, Etsy maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/etsy.
Cybersecurity Incidents Involving Etsy
As of January 25, 2026, Rankiteo reports that Etsy has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Etsy has an estimated 28,210 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Etsy ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Data Leak of Etsy, Poshmark, and TikTok Shop Customers
Description: Over 1.6 million files have been discovered online by researchers, allegedly belonging to Etsy, Poshmark, and TikTok Shop customers. These files contained personally identifiable information such as full names, home addresses, email addresses, and shipping order details.
Type: Data Leak
Attack Vector: Unsecured Azure Blob Storage containers
Vulnerability Exploited: Unsecured cloud storage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unsecured Azure Blob Storage containers.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Leak ETS1001052925
Data Compromised: Personally identifiable information, Shipping order details
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Full Names, Home Addresses, Email Addresses, Shipping Order Details and .
Which entities were affected by each incident ?
Incident : Data Leak ETS1001052925
Entity Name: Etsy
Entity Type: Online Shopping Platform
Industry: E-commerce
Incident : Data Leak ETS1001052925
Entity Name: Poshmark
Entity Type: Online Shopping Platform
Industry: E-commerce
Incident : Data Leak ETS1001052925
Entity Name: TikTok Shop
Entity Type: Online Shopping Platform
Industry: E-commerce
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Leak ETS1001052925
Type of Data Compromised: Full names, Home addresses, Email addresses, Shipping order details
Number of Records Exposed: 1.6 million
Sensitivity of Data: High
File Types Exposed: HTML
Personally Identifiable Information: Full NamesHome AddressesEmail Addresses
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Leak ETS1001052925
Recommendations: Regularly check for data breaches using services like Have I Been Pwned, Monitor accounts, statements, and transactions, Report suspicious activity to your bank or credit card providerRegularly check for data breaches using services like Have I Been Pwned, Monitor accounts, statements, and transactions, Report suspicious activity to your bank or credit card providerRegularly check for data breaches using services like Have I Been Pwned, Monitor accounts, statements, and transactions, Report suspicious activity to your bank or credit card provider
References
Where can I find more information about each incident ?
Incident : Data Leak ETS1001052925
Source: CyberNews
Incident : Data Leak ETS1001052925
Source: TechRadar Pro
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: CyberNews, and Source: TechRadar Pro.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Leak ETS1001052925
Entry Point: Unsecured Azure Blob Storage containers
High Value Targets: Etsy, Poshmark, Tiktok Shop,
Data Sold on Dark Web: Etsy, Poshmark, Tiktok Shop,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Leak ETS1001052925
Root Causes: Unsecured cloud storage
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personally Identifiable Information, Shipping Order Details and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Shipping Order Details and Personally Identifiable Information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.6M.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Regularly check for data breaches using services like Have I Been Pwned, Report suspicious activity to your bank or credit card provider, Monitor accounts, statements and and transactions.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are TechRadar Pro and CyberNews.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Unsecured Azure Blob Storage containers.
.png)
Latest Global CVEs (Not Company-Specific)
Description
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as "demo mode", which is the default configuration when the plugin is installed) or known.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Description
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.
Risk Information
cvss3
Base: 7.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user roles.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Risk Information
cvss3
Base: 4.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L119
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L314
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L31
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L33
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bb9ae252-7e5f-4dc0-a162-100493b81980?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=etsy' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
