Cyber Incident Victim: Chrono24
Date: Sep 2022
Location: Germany
Summary
A service provider of the online watch marketplace Chrono24 experienced unauthorized access to its marketing databases, resulting in the theft of customer email addresses. The breach did not compromise passwords, payment information, or other sensitive account credentials. While financial data remained secure, the exposed email addresses could potentially be exploited for phishing campaigns or sold to third parties. The company notified affected customers and advised vigilance against suspicious communications, directing users to contact their support team for any account irregularities.
Description
On or around September 1, 2022, Chrono24, a platform facilitating the purchase and sale of luxury watches, experienced a cybersecurity incident involving unauthorized access to a third-party service provider's systems. Attackers breached databases containing marketing-related information, primarily comprising customer email addresses. The compromise did not extend to Chrono24's core systems, with no evidence of access to user passwords, financial data, or payment information. The incident was disclosed by Chrono24 via direct email communication to affected customers, confirming the breach originated at the service provider level rather than through the company's own infrastructure. While the exact method of intrusion remained unspecified, the attackers successfully exfiltrated marketing datasets, creating potential risks for secondary exploitation of the stolen email addresses.

Chrono24's response emphasized transparency through direct customer notification, advising heightened vigilance against potential phishing campaigns leveraging the compromised email addresses. The company clarified that no direct action was required from users regarding password changes due to the absence of credential exposure but recommended contacting their support team at [email protected] or +49 721 96693-988 if customers observed unusual account activity. The breach's impact was confined to marketing operations, with no disruption reported to Chrono24's transactional platforms or user account security mechanisms. Consequences centered on increased phishing risks for affected individuals, as attackers could repurpose the email addresses for fraudulent communications. Chrono24 did not disclose operational downtime, forensic investigation timelines, or regulatory reporting actions related to the incident.
