PcComponentes hit by cyberattack
Incident
Summary
Hide ▲
Show ▼
PcComponentes confirmed a credential stuffing attack on its platform, and the event mattered because a small number of accounts were compromised and account protections had to be tightened. The company responded with CAPTCHA, mandatory 2FA, and session invalidation to block further abuse.
Related Happenings
Instagram High Touch Support password reset security flaw
Vulnerability
H score40
First: 08.06.2026 09:00
Last: 08.06.2026 09:00
Sources 1
About this happening:
**Meta's High Touch Support (HTS)** flaw enabled attackers to trigger **Instagram password resets**, creating account-takeover risk for **over 20,000 users** and weakening protect...
Instagram High Touch Support password reset security flaw
VulnerabilityAbout this happening: **Meta's High Touch Support (HTS)** flaw enabled attackers to trigger **Instagram password resets**, creating account-takeover risk for **over 20,000 users** and weakening protect...
Dashlane password manager account lockouts from brute-force attacks
Service Disruption
H score12
First: 01.06.2026 21:17
Last: 01.06.2026 21:17
Sources 1
About this happening:
**Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...
Dashlane password manager account lockouts from brute-force attacks
Service DisruptionAbout this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...
DraftKings hit by network compromise
Incident
H score35
First: 17.04.2026 10:10
Last: 17.04.2026 10:10
Sources 1
About this happening:
**DraftKings** suffered a **credential-stuffing account compromise** that exposed nearly **68,000 accounts** and enabled theft from roughly **1,600 accounts**. Attackers reused cr...
DraftKings hit by network compromise
IncidentAbout this happening: **DraftKings** suffered a **credential-stuffing account compromise** that exposed nearly **68,000 accounts** and enabled theft from roughly **1,600 accounts**. Attackers reused cr...
Unnamed high-profile Lebanese journalist hit by network compromise
Incident
H score10
First: 09.04.2026 13:45
Last: 09.04.2026 13:45
Sources 1
About this happening:
An **unnamed high-profile Lebanese journalist** had an **Apple account** successfully compromised in **2025**, creating unauthorized access to a personal and professional identity...
Unnamed high-profile Lebanese journalist hit by network compromise
IncidentAbout this happening: An **unnamed high-profile Lebanese journalist** had an **Apple account** successfully compromised in **2025**, creating unauthorized access to a personal and professional identity...
Microsoft Entra device code phishing and vishing campaign
Campaign
H score40
First: 19.02.2026 14:30
Last: 19.02.2026 14:30
Sources 1
About this happening:
A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...
Microsoft Entra device code phishing and vishing campaign
CampaignAbout this happening: A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...
Timeline
-
21.01.2026 22:55 1 articles · 5mo ago
daghetiaw claims 16.3 million-record PcComponentes leak
Initial DisclosureA threat actor named daghetiaw claimed to have stolen a PcComponentes customer database with 16.3 million records, leaked 500,000 records, and offered the rest for sale, with the claimed dataset containing order details, physical addresses, full names, phone numbers, IP addresses, product wish-lists, and Zendesk support messages.
Show sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55
-
21.01.2026 22:55 2 articles · 5mo ago
PcComponentes confirms credential stuffing and hardens logins
Mitigation Patch UpdatePcComponentes said its investigation found no illegitimate access to databases or internal systems, but did find evidence of a credential stuffing attack against its platform. Hudson Rock said the stolen logins were likely taken from infostealer logs, with some credentials dating back to 2020, and PcComponentes responded by adding CAPTCHA on login pages, requiring two-factor authentication for all accounts, and invalidating active sessions.
Show sources
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55
- Online retailer PcComponentes says data breach claims are fake — www.bleepingcomputer.com — 21.01.2026 22:55