Search
Get in Touch
News

Top PC components store denies data breach – PcComponentes says it is safe, despite hacker claims

TechRadar
TechRadar
  • PcComponentes denies breach claims, confirming only a credential stuffing attack occurred
  • Hacker alleged 16.3m records stolen; company says far fewer accounts were affected
  • Future logins require CAPTCHA and mandatory two-factor authentication for added security

Spanish PC components retailer PcComponentes has denied suffering a big data breach – but did confirm it suffered a credential stuffing attack.

A cybercriminal recently posted a new thread on an underground forum, claiming to have stolen sensitive data from the company. Offering the archive for sale, the hacker – named ‘daghetiaw’ – says it contains 16.3 million records, including people’s names, postal addresses, IP addresses, product wishlists, and customer support messages generated through Zendesk.

To prove the authenticity of their claims, the hacker also published a sample of 500,000 records.

Weird campaign

Soon after, PcComponentes published a notice on its website, saying it was never breached and that the claims the hacker made are false.

“There has been no illegitimate access to our databases or internal systems,” the company said, as per a machine-translated notice.

“The figure of 16 million customers supposedly affected is false, as the number of active accounts on PcComponentes is markedly lower.”

The company then explained that its investigation showed it suffered a credential stuffing attack. A threat actor obtained login credentials elsewhere on the dark web and tried to use them on the platform.

Customers who use the same password across multiple services were most likely broken into, and whatever information they stored in their account, was most likely nabbed.

Still, PcComponentes downplayed this incident, as well, saying only a handful of customers were affected, and the data stolen was not that important.

“Likewise, illegitimate access has not been massive, that is, only some customers have been affected,” it said. “The bank details have not been compromised in any case since PcComponentes does not store them. For this reason, there is no risk of bank details being stolen,” it explained.

“Customer passwords are never stored in our database.”

Through credential stuffing, the cybercriminal was able to grab people’s names, IDs, postal addresses, IP addresses, and phone numbers.

Going forward, all users logging in will first have to solve a CAPTCHA and will have to set up 2FA.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Read more @ TechRadar

Previous article
Have your Google Home smart lights stopped working? You’re not alone – and Google is working on a fix
Next article
AI Mode in Google search can now pull context from your other apps
TechRadar
TechRadar

Latest posts

Valve’s Steam Deck OLED will be ‘intermittently’ out of stock because of the RAM crisis

The Verge - 0
Valve has updated the Steam Deck website to say that the Steam Deck OLED may be out of stock "intermittently in some regions due...

This is the first PCIe 6.0 SSD you can actually buy and by ‘you’ I mean hyperscalers — Micron 9650 can reach 28GBps read...

TechRadar - 0
Read more @ TechRadar

What is the release date for The Pitt season 2 episode 7 on HBO Max?

TechRadar - 0
Read more @ TechRadar

I’ve spent months tracking AI personalities like Twitch streamer Neuro-sama and it feels like acceptance — but I think we’re reading it wrong

TechRadar - 0
Read more @ TechRadar

Apple starts testing end-to-end encrypted RCS messages on iPhone

The Verge - 0
iPhone 17 Pro Apple is starting to test end-to-end encrypted (E2EE) RCS messages with the developer beta of iOS 26.4 released Monday. Apple announced plans...

Call of Duty: Warzone Mobile will go offline on April 17

Engadget - 0
Call of Duty: Warzone Mobile will be no more this spring. According to Activision, servers will be taken offline for this mobile battle royale...

More Rode mics can now connect directly to iPhones and iPads

Engadget - 0
Rode is rolling out a firmware update for its Wireless Pro and Wireless Go (third-gen) microphones to add a feature called Direct Connect, which...

There’s a dedicated channel for Formula 1 in the Apple TV app now

Engadget - 0
Apple continues to double down on its Formula 1 programming, following up on the box office success of its blockbuster movie by adding a...

These are the trendiest kind of camera straps this Presidents’ Day, but there’s a catch

TechRadar - 0
Read more @ TechRadar

Toyota says it’s going all-in on battery electric cars with four new battery models, but is it too late?

TechRadar - 0
Read more @ TechRadar

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!

The AIVAnet is a collector and classifier of app news articles and online technology news, which works automatically by collecting and collating the RSS feeds from popular sites (IOS news feed,latest tablet news, etc.).

The articles deal with mobile app reviews, especially with android reviews, and IOS. One of the central thematic axes is also the comparisons. You can find articles with tablet reviews, comparisons and mobile OS systems or mobile OS stats.

We also provide some of the most popular app news express, for android and IOS or windows phone. The online technology news that you can find in our pages are just opinions and ideology, allowing you to see how different news agencies present the same news.

AIVAnet is supported by Cloud Services Store

About Us

© AIVAnet | All rights reserved