Sharing this in case any customers don’t receive the email. Beware of any emails or phone calls claiming to be from WF or asking about your watches. Not having a dig at Watchfinder as this could happen to anyone.
Sent from my iPhone using Tapatalk
Just had the same email come through.
It could be very dangerous in the wrong hands, someone interested enough would be able to find your address with an email and phone number.
They would also know the watches you've bought so high spenders could be flagged easily.
That is very dangerous data to be out there! Just going to look back now when quoting if they ask for an address. Hopefully not.
Got the email too. Thankfully I’ve never done more than enquire so it’s limited to name and email.
Email here too. I’ve bought and sold with WF, have an account password etc. I did wonder if it would create a thread.
I also received the same email today. What’s worrying is that the breach seems to have come from one of their employees !!!
To be clear, they're saying there was unauthorised access to one of their employees account, not that an employee instigated the data leak.Originally Posted by Highroller1
I read it that someone accessed one of their employees accounts without authorisation.
A lot of hacks lately which are down to social engineering, rather than compromised systems. It seems a lot of businesses were unprepared for this kind of attack.
All security is down to three elements: "People, Process and Technology".
I spend much of my professional lifetime in cyber security trying to get as much emphasis put on the People and Process bits as on the Technology. It's amazing how many organisations would say "but we've got a firewall and 256-bit encryption, so we must be secure", and then get quite embarrassed when you started delving into their recruitment procedures and password-change processes...
Hmmm, I’ve received this too but have only ever made an online enquiry so shall double check what details I left!
Thanks
Sent from my iPhone using Tapatalk
I got the email today.
Got the same email today. Have only ever enquired
I also received the email but the wording infers my enquiry was about a watch they were selling as opposed to some I was requesting a quote to sell.
Very big difference between an old enquiry on buying a watch and disclosing a list of watches and home address.
I’ve asked them to clarify what data they lost.
My email stated:
The records in question may include your e-mail address, telephone number and/or any watches that you have expressed an interest in. They do not include any postal addresses, passwords, credit card details or other banking information.
Thanks. I will sure their response.
Got my email today. Thanks WF
“ Ford... you're turning into a penguin. Stop it.” HHGTTG
Just spotted the email in my junk today. Was sent yesterday. Mine said the same as above.
If a user account was compromised probably all their account data was compromised. I would like to know how they are so sure that ‘postal addresses’ are not compromised.
Somewhere in Russia, a teenager right now is highlighting the name and address of Nadeem Malick and thinking he’s hit the jackpot.
From the handbag thread someone pointed out for a fee a company will provide an address if you have their mobile number
Response from WF
We discovered unauthorised access to an employee account which contained lists of our current and prospective customers. The lists contain e-mail addresses, telephone numbers, purchase histories and watches in which customers have expressed an interest. They do not include postal addresses passwords, credit card details or other banking information.
Presumably because the employee didn't have access to postal addresses, not unusual for access to be related to the employees job. They probably had a list of names, emails and phone numbers for marketing/sales purposes I'm guessing.
Is getting the email
The new getting the call?
Sent from my iPhone using Tapatalk
I've bought and sold with them and can't say I'm overly amused by this. Took a little longer for them to email me, but there it is.
I've had it too.
After receiving a dismal offer to trade them one of my watches a few weeks ago, I thought I'd try again last weekend and went through the online process. Within seconds of me hitting submit, another dismal offer was generated. Times, they are a changing.
I use unique addresses for each company I deal with.
Received an unsolicited email today signing me up to digital assets company called Nexo.
Yes, NEXO have just sent me a similar email. Seems probable they have that Watchfinder data....
Posting Permissions
Reply With Quote