Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

PcComponentes hit by cyberattack

Incident
First reported
Last updated
Happening score
H score 13
1 unique sources, 1 articles

Summary

Hide ▲

PcComponentes confirmed a credential stuffing attack on its platform, and the event mattered because a small number of accounts were compromised and account protections had to be tightened. The company responded with CAPTCHA, mandatory 2FA, and session invalidation to block further abuse.

Related Happenings

DraftKings hit by network compromise

Incident
First: 17.04.2026 10:10 Last: 17.04.2026 10:10 Sources 1

About this happening: **DraftKings** suffered a **credential-stuffing account compromise** that exposed nearly **68,000 accounts** and enabled theft from roughly **1,600 accounts**. Attackers reused cr...

Open Happening

Unnamed high-profile Lebanese journalist hit by network compromise

Incident
First: 09.04.2026 13:45 Last: 09.04.2026 13:45 Sources 1

About this happening: An **unnamed high-profile Lebanese journalist** had an **Apple account** successfully compromised in **2025**, creating unauthorized access to a personal and professional identity...

Open Happening

Microsoft Entra device code phishing and vishing campaign

Campaign
First: 19.02.2026 14:30 Last: 19.02.2026 14:30 Sources 1

About this happening: A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...

Open Happening

ShinyHunters vishing campaign targeting SSO accounts

Campaign
First: 02.02.2026 15:46 Last: 02.02.2026 15:46 Sources 1

About this happening: The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...

Latest development: 26.05.2026 22:46

ShinyHunters claims it breached Charter Communications on April 1 by vishing an employee's Microsoft Entra account, then used that access to export millions of consumer and business customer records from the company's Salesforce instance; Charter says no sensitive personal information or CPNI was exfiltrated.

Open Happening

Custom vishing campaign stealing Okta SSO credentials

Campaign
First: 22.01.2026 23:43 Last: 22.01.2026 23:43 Sources 1

About this happening: A **custom vishing campaign** is actively stealing **Okta SSO credentials** through live, adversary-in-the-middle phishing pages, creating immediate risk of account takeover and d...

Open Happening

Timeline

  1. 21.01.2026 22:55 1 articles · 4mo ago

    daghetiaw claims 16.3 million-record PcComponentes leak

    Initial Disclosure

    A threat actor named daghetiaw claimed to have stolen a PcComponentes customer database with 16.3 million records, leaked 500,000 records, and offered the rest for sale, with the claimed dataset containing order details, physical addresses, full names, phone numbers, IP addresses, product wish-lists, and Zendesk support messages.

    Show sources
    Open in new tab
  2. 21.01.2026 22:55 2 articles · 4mo ago

    PcComponentes confirms credential stuffing and hardens logins

    Mitigation Patch Update

    PcComponentes said its investigation found no illegitimate access to databases or internal systems, but did find evidence of a credential stuffing attack against its platform. Hudson Rock said the stolen logins were likely taken from infostealer logs, with some credentials dating back to 2020, and PcComponentes responded by adding CAPTCHA on login pages, requiring two-factor authentication for all accounts, and invalidating active sessions.

    Show sources
    Open in new tab