Mohamed Ramadan from Attack-Secure discovered a critical vulnerability in Etsy’s iPhone application. Etsy is a social commerce website focused on handmade or vintage items as well as art and craft supplies.
Any attacker on the same network can sniff traffic (including user password) invisibly without any warning from Etsy app. Its is very similar to the man in the middle attack reported in
Source: Etsy for iPhone loophole allows attacker to hijack Accounts