I'm New!

[BagsPlusMore]

Just opened a shop here last week.  Slowly learning my way around.

[Fairy Cardmaker]

Welcome to iCraft!  Your yoga mat totes are a good idea!

[Bella Rosina Jewelry]

Hi BagsPlusMore,

Welcome!  I am also new here, just joined today!

Carey Ann
Bella Rosina Jewelry

[PillowThrowDecor]

Welcome!!!

Are you new to online selling? Need to check out some more stores 

Hey Bootcamp is starting  in 2 weeks... April 1.

2 week program and only 3 days each week.... all about SEO

Woo Hoo!!!

Christine

[Bella Rosina Jewelry]

Hi Christiine,

What do you mean "you need to check out more stores."

Yes, I am fairly new to on-line selling.  I have another site on Etsy that I started in early February.

I am familiar with SEO and have labeled my items accordingly.

Carey Ann, Bella Rosina Jewelry

[PillowThrowDecor]

LOL... sorry Carey.  I should have written I need to check out more stores!

I like to check out new sellers stores so I kinda know people better when I bump into them in the forums

i saw that you had another store and that is super. There is lots of stuff that you will learn there and here that you can interchange. I am so pleased that you are already familiar with SEO! Good stuff !  I hope you are signed up for Bootcamp because then you can help us!! Yay.  I need to do a LOT of cleaning up in my SEO now that I understand more about it.

I really appreciate too that you are involved in the forum sharing and asking questions.  We all learn so much from each other.

Cheers
Christine

[Bella Rosina Jewelry]

Christine,

I have been trying to notify and reach someone regarding the security flaw in this website.  Today I have not been able to see my profile and instead I am given actual code typed by a programmer.  This is extremely dangerous as it means any hacker can take that code and use all the paypal information they want.  I have decided to no longer participate in this website as I am very nervous about the security issues involved.  The security has already been compromised and I am not willing to be the one who loses identity or money.

Please, address this issue.  I am asking for a refund for the $25 I just spent in order to participate as a seller.

Thank you.

Carey Ann
Bella Rosina Jewelry

[iCraft Admin]

Sorry, what security flaw are you talking about?

We had a code error on the Profile page, which is otherwise secure. User Profile page is behind login anyway, so only registered sellers could see error message on that page, and only for a limited time, as it was fixed within two hours of being first reported. I highly doubt any of our Creators are also hackers, who happen to see that error message today. Even if this crazy scenario happen, information displayed on that error page didn’t have anything that would allow anyone to hack into the site. It also didn’t contain any personal, login or any other information, that could lead hackers to user profile info. All values displayed were non-changeable & not-user supplied values, so they could not be manipulated from the outside.

Unfortunately, error message wasn’t user-friendly and looked scary (we’ll fix that), but it didn’t mean there was a security flaw.

What error message was saying is that we passed wrong information into the system and it rejected it. If we couldn’t use those values to get user info, nobody can. “Garbage in - garbage out”. 

Also, the only PayPal info we keep in  our database is your PayPal email address, which is useless without your PayPal password. Even if someone somehow got access to your PayPal email address on our site, they are still miles away from hacking into your PayPal account.

We have very tight security on the site with multiple measures in place, so I can assure you have nothing to worry about. If you still want to cancel your account on our site, please let me know and I’ll do it for you. However, our registration fee is non-refundable, as per our Pricing Policy https://icraftgifts.com/pricing.php; Thanks!

[Bella Rosina Jewelry]

The code error on the profile page was there all afternoon and into the late evening when I contacted you.  I cannot understand how you believe that having this information present is secure.  I am not aruging that the Creators on this website are hackers.  What I do believe however is that hackers are crimimals and take many forms.  A hacker can find a way into a website without even being present, because they write automatic codes.  There was a movie about this years ago.  

If you do not want to take me seriously or refuse to address this claim as valid then perhaps you need to learn more about internet security.  Having a secure e-commerce website is truly hard work.  I came here to icraft with the belief that the site was secured by professionals who know not to have code leak so that creators can see.  The code did not look scary to me.  What scared me was the actual presence of the code.  It should never be present for all to see.

I urge you to consider this as a warning that there is something wrong with your security and that instead of you brushing me off, saying don't worry everything is fine, to at least take my warning as a way to make your site safer so that it can flourish and be successful.

Please let me know what you plan to do about securing this website.

Thank you.

Carey Ann, Bella Rosina Jewelry

[iCraft Admin]

We take security seriously and you are incorrect by stating we had a security flaw.
We had an error on the page. This happens sometimes. Things break. This is a live site that’s being updated frequently. Normally, in this situation user would see a user-friendly message, informing them of the problem on the page. In this case, system didn’t catch the problem and didn’t display a user-friendly message. Instead, user saw lines of code, which wasn’t good, but didn’t pose any security risks.
“My Profile” page is behind login. Error on not, hackers can’t get access to pages under “My Account” using automatic scripts or anything else. You had to be physically logged-in to gain access to that page.