Advice - turn on two factor authentication! The added step logging in is a pain but it means no one can hijack your account

The scammers have gotten more sophisticated.  I've heard from another seller who was surprised to receive "I need your email address to check out messages" from established accounts.  I'm really sorry to hear your shop was used for nefarious purposes.  

And now I'm wondering about some shops who are getting their messages suspended for spamming when they claim to not have sent any messages?  Could that be why?  It would be easy to delete the messages from the first account so the shop owner doesn't see them immediately.  It would also explain why some accounts are left open rather than disappearing like what happens when a scammer opens a new account to spam/scam.

Anyway, here is a link to my scam thread.  I'm getting depressed here.

https://community.etsy.com/t5/Managing-Your-Shop/How-to-Spot-a-Scam-No-a-Buyer-Doesn-t-Need-Your-Ema...

@FabioMcMustache  Now the scam messages are coming from legit shops?  This is the 2nd time I've heard this in 2 days.

Please have Etsy investigate, and warn sellers. 

I had the same problem just a minute ago. I had two factor authentication on, i dont have a clue how they got access to my account.

Hi! This happened to me yesterday. I am using a different account to reply here as my shop has been suspended (it sucks for me, but I'm glad no further damage is being done)

Same exact thing. Language changed to russian, sending scam messages. I has 2FA on and they bypassed it.

I found that a few of my gmail accounts had been compromised, with logins from russia. I advise you to check your emails immediately for suspicious logins, log them out if you find any, and change passwords. Possibly from a different device. This can spread so much further than your etsy account. I spent all day locking them out of accounts and securing things yesterday. I also performed a factory reset of my laptop, in case this was done with malware, which I think it was, possibly through session/cookie hijacking, as it bypasses 2FA.

I don't remember clicking on anything suspicious, but who knows. I might have without knowing, otherwise there is no explanation.

Still waiting for a reply from etsy to reinstate my account now. I was able to talk to them on the phone yesterday, they escalated my issue and I received an email later asking me for some security questions. I made sure the email sending them was legit, and answered. Just waiting now, crossing my fingers. Very scary stuff.

There was a massive mother of all data breaches with over 26 billion accounts affected at the start of this year over multiple organisations including, Myspace, Twitter, FB, LinkedIn, Canva and Adobe to name but a few.

The following links are to two sites where you can run your email and phone no's through them to check if you are one of those affected.

Have I Been Pwned: Check if your email has been compromised in a data breach

Personal Data Leak Checker: Your Email & Data - Breached? | CyberNews