GreyHours is a luxury watch brand established in 2013. The company has carved a niche in the premium watch market by offering minimalist design and high-quality craftsmanship at relatively accessible prices. GreyHours is known for its focus on elegant, understated designs that appeal to a broad demographic, particularly those who appreciate fine watchmaking without the exorbitant costs typically associated with luxury timepieces. The brand’s watches often feature Swiss movements, sapphire crystal glass, and sophisticated color palettes, making them popular among both casual and serious watch collectors.

Breach Details

In January 2024, GreyHours became the target of a significant data breach. This breach, which was publicized by a notorious hacker known as IntelBroker on BreachForums, exposed 18.7K lines of sensitive user information. The compromised data includes:

  • Usernames
  • Encrypted passwords
  • Password salts (a security feature intended to protect passwords)
  • Full names
  • Email addresses
  • Genders
  • OAuth tokens (used for secure authentication)
  • Ages
  • Physical locations
  • Phone numbers

Additionally, the attacker claims to have deleted the entire database and all files associated with GreyHours, potentially disrupting their operations and causing significant long-term damage to the company’s reputation.

Threat Actor Profile

IntelBroker is a well-known figure in the cybercriminal community, often associated with data breaches targeting companies across various industries. Operating primarily through BreachForums, a platform notorious for trading stolen data and hacking tools, IntelBroker has gained a reputation for leaking high-profile databases. The motives behind these actions are typically financial, with stolen data often sold on the dark web, though in some cases, the breaches appear to be driven by a desire to demonstrate power or wreak havoc.

Impact Analysis

The GreyHours data breach could have far-reaching consequences for both the company and its customers:

  • Customer Impact: The exposure of personal data such as emails, phone numbers, and physical locations puts customers at risk of phishing attacks, identity theft, and other forms of cybercrime. The release of OAuth tokens is particularly concerning as it could allow attackers to gain unauthorized access to user accounts across different platforms.
  • Reputational Damage: For a luxury brand like GreyHours, trust is paramount. The breach not only undermines consumer confidence but also could lead to a loss of customers, decreased sales, and potentially, legal actions from those affected.
  • Operational Disruption: If the claims of database and file deletion are accurate, GreyHours could face significant operational challenges, including the need to rebuild their digital infrastructure and restore lost data, which could result in considerable downtime and financial loss.
Share this article
The link has been copied!