Watchfinder warns customers that hackers stole their data

Graham Cluley

Luxury pre-owned watch website Watchfinder has warned its user base that their personal data has been accessed after an employee’s account was broken into and a customer list accessed.

Watchfinder, which provides a specialist online marketplace through which watch fans can buy, sell and exchange their luxury timepieces, has sent out an email to customers explaining that their details may have been exposed.

Although the company says that postal addresses, passwords, and financial details were not amongst the records stolen by the hacker, personal details which were taken include customers’ email addresses, telephone numbers, and lists of which watches they may have purchased or expressed an interest in.

It’s easy to imagine how a carefully-crafted email might exploit such details in an attempt to scam unwary individuals. Such a technique might be particularly attractive for criminals considering that lovers of luxury watches may have a bigger pot of money to steal than the typical man in the street.

If nothing else, the information stolen could be sold on to other criminals (or indeed others interested in the contact details of those with a penchant for luxury items).

Disappointingly, there appears to be no security advisory published on the Watchfinder website itself, and the company’s Twitter account is similarly silent on the topic. Personally, if I was deciding which website I would use to buy or sell an expensive watch, I would want to know if it had recently suffered a security breach and what it was doing about it.

The security breach at Watchfinder comes just weeks after a security breach at a rival marketplace for luxury watches, Chrono24.

In Chrono24’s case the hackers managed to breach the third-party MailChimp account it uses to send out its email newsletter, allowing an unauthorised party to access its mailing list.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.
