Chrono24, WatchFinder Security Breaches Reported

patrick_y · 2022-09-29T17:31:48Z

Explore the Chrono24 and WatchFinder security breaches, understanding the impact on luxury watch collectors' data and essential security measures.

patrick_y

WPS member · Horological Meandering forum

33 replies4418 views0 photos

In a digital age where online transactions are commonplace for luxury goods, the security of personal data is paramount. Patrick_y's original post brought to light critical security breaches affecting prominent pre-owned watch platforms Chrono24 and WatchFinder. This article synthesizes the community's response, offering crucial insights into the nature of these breaches and their potential implications for collectors.

33 collectors discussing this on the WatchProSite forumJoin the Conversation →

Chrono 24 and WatchFinder have both lost copious amounts of consumer information both due to security breeches. A lot of this information is quite extensive, featuring full names, addresses, email addresses, phone numbers, credit card numbers, financial information, bank account numbers, Tax ID numbers or Social Security Numbers, and possibly even IP addresses. Some also include personal notes and details of watches in the client's possession, watches for sale by the client, and watches on the client's "wishlist." Considering some watch collectors are prominent individuals, this is a valuable spreadsheet of information.

All clients who have a Chrono24 and WatchFinder account are advised to do a security inventory, consider changing their passwords, to monitor their credit cards, and be on the lookout for suspicious activity or identity theft. Hopefully this data does not end up on the black market or on the dark web; where information brokers will likely sell the information to criminals who will then act upon it.

EDIT: 03-OCT-2022 According to one of our members below who contacted Chrono24, Chrono24 responded to say that their "MailChimp" server was the one that was hacked. The MailChimp server carries names and email addresses but no financial information. And at this time Chrono24 has indicated they do not believe that financial information was breached. Still! We need to be careful! Thank you to our member Spangles who contacted Chrono24 on our behalf for more details.

Key Points from the Discussion

The initial reports of the security breaches at Chrono24 and WatchFinder suggested a wide range of compromised personal and financial data, including full names, addresses, credit card numbers, and even Tax ID numbers. This prompted serious concerns among collectors regarding identity theft and financial fraud.
Further investigation and direct communication with Chrono24 by a community member clarified that the breach primarily affected their email marketing provider, MailChimp. This meant that while names and email addresses were exposed, sensitive financial information was not directly compromised from Chrono24's core systems.
Despite the clarification, some members expressed ongoing concern, noting that platforms like Chrono24 require bank routing numbers for sellers, raising questions about the security of such data within their primary systems, irrespective of the MailChimp incident.
The distinction between a direct platform hack and a third-party marketing service breach is crucial for assessing the actual risk level. While an email list breach can lead to increased spam and phishing attempts, it typically does not necessitate changing bank accounts, unlike a direct financial data compromise.
The discussion highlighted the broader issue of digital security and the potential for data breaches across various online services, leading some to question the overall benefits of the internet given the constant threat of hacking and privacy violations.
One contributor noted that WatchProSite itself offers a degree of security by not tying physical addresses, phone numbers, or financial information to user accounts, making it a less attractive target for certain types of data breaches.

The Discussion

Fastwong

Sep 29, 2022

Thanks for posting! I almost listed something over the weekend on C24 and when they asked for financials and SSN I changed my mind, close one...

patrick_y

Sep 29, 2022

Yes. Be very careful!

India Whiskey Charlie

Sep 29, 2022

Why would they even need someone's SSN?

Fastwong

Sep 29, 2022

Due to changes in reporting requirements this year marketplaces like eBay and c24 are required to report sales over $600 and send sellers 1099s. Death and taxes.

ArmisT

Sep 30, 2022

Seriously?! That changes my willingness to list anything on C24.

And the security breach is a nail in the coffin as far as my comfort with the site. Too bad.

mdg

Sep 30, 2022

Because we no longer live in a free society.

Continue the conversation

This thread is active on the Horological Meandering forum with 33 replies. Share your knowledge with fellow collectors.

Join the Discussion →