PcComponentes denies data breach but confirms credential stuffing attack
Summary
Hide ▲
Show ▼
PcComponentes, a major Spanish online retailer, denies claims of a data breach impacting 16 million customers but confirms a credential stuffing attack. The threat actor 'daghetiaw' claimed to have stolen 16.3 million records, leaking 500,000 and offering the rest for sale. PcComponentes investigated and found no unauthorized access to its databases or internal systems, but confirmed a credential stuffing attack. The exposed data includes personal details but no financial information or passwords. The company has implemented additional security measures, including mandatory 2FA and CAPTCHA on login pages.
Timeline
-
21.01.2026 22:55 1 articles · 23h ago
PcComponentes confirms credential stuffing attack, denies data breach
PcComponentes denied claims of a data breach impacting 16 million customers but confirmed a credential stuffing attack. The threat actor 'daghetiaw' claimed to have stolen 16.3 million records, but PcComponentes found no evidence of unauthorized access. The company has implemented additional security measures, including mandatory 2FA and CAPTCHA on login pages.
Show sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55
Information Snippets
-
PcComponentes denies a data breach impacting 16 million customers but confirms a credential stuffing attack.
First reported: 21.01.2026 22:551 source, 1 articleShow sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55
-
Threat actor 'daghetiaw' claimed to have stolen 16.3 million records, leaking 500,000 and offering the rest for sale.
First reported: 21.01.2026 22:551 source, 1 articleShow sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55
-
The leaked data includes order details, physical addresses, full names, phone numbers, IP addresses, product wish-lists, and customer support messages.
First reported: 21.01.2026 22:551 source, 1 articleShow sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55
-
PcComponentes found no evidence of unauthorized access to its databases or internal systems.
First reported: 21.01.2026 22:551 source, 1 articleShow sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55
-
The company admitted to a credential stuffing attack, where threat actors used email addresses and passwords from other breaches to access PcComponentes accounts.
First reported: 21.01.2026 22:551 source, 1 articleShow sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55
-
Hudson Rock's investigation found that the attackers likely collected login data from computers infected with info-stealing malware.
First reported: 21.01.2026 22:551 source, 1 articleShow sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55
-
PcComponentes has implemented CAPTCHA on login pages, mandatory 2FA for all accounts, and invalidation of all active sessions.
First reported: 21.01.2026 22:551 source, 1 articleShow sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55