Luxury pre-owned watch website Watchfinder has warned its user base that their personal data has been accessed after an employee’s account was broken into and a customer list accessed.
Watchfinder, which provides a specialist online marketplace through which watch fans can buy, sell and exchange their luxury timepieces, has sent out an email to customers explaining that their details may have been exposed.
Although the company says that postal addresses, passwords, and financial details were not amongst the records stolen by the hacker, personal details which were taken include customers’ email addresses, telephone numbers, and lists of which watches they may have purchased or expressed an interest in.
It’s easy to imagine how a carefully-crafted email might exploit such details in an attempt to scam unwary individuals. Such a technique might be particularly attractive for criminals considering that lovers of luxury watches may have a bigger pot of money to steal than the typical man in the street.
If nothing else, the information stolen could be sold on to other criminals (or indeed others interested in the contact details of those with a penchant for luxury items).
Disappointingly, there appears to be no security advisory published on the Watchfinder website itself, and the company’s Twitter account is similarly silent on the topic. Personally, if I was deciding which website I would use to buy or sell an expensive watch, I would want to know if it had recently suffered a security breach and what it was doing about it.
The security breach at Watchfinder comes just weeks after a security breach at a rival marketplace for luxury watches, Chrono24.
In Chrono24’s case the hackers managed to breach the third-party MailChimp account it uses to send out its email newsletter, allowing an unauthorised party to access its mailing list.