Find notable cyber news and cases, enriched with sources, timelines, and signals.

PcComponentes hit by cyberattack

Incident
First reported
Last updated
Happening score
H score 67
1 unique sources, 1 articles

Summary

Hide ▲

PcComponentes confirmed a credential stuffing attack on its platform, and the event mattered because a small number of accounts were compromised and account protections had to be tightened. The company responded with CAPTCHA, mandatory 2FA, and session invalidation to block further abuse.

Related Happenings

Instagram High Touch Support password reset security flaw

Vulnerability
H score40 First: 08.06.2026 09:00 Last: 08.06.2026 09:00 Sources 1

About this happening: **Meta's High Touch Support (HTS)** flaw enabled attackers to trigger **Instagram password resets**, creating account-takeover risk for **over 20,000 users** and weakening protect...

Dashlane password manager account lockouts from brute-force attacks

Service Disruption
H score12 First: 01.06.2026 21:17 Last: 01.06.2026 21:17 Sources 1

About this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...

DraftKings hit by network compromise

Incident
H score35 First: 17.04.2026 10:10 Last: 17.04.2026 10:10 Sources 1

About this happening: **DraftKings** suffered a **credential-stuffing account compromise** that exposed nearly **68,000 accounts** and enabled theft from roughly **1,600 accounts**. Attackers reused cr...

Unnamed high-profile Lebanese journalist hit by network compromise

Incident
H score10 First: 09.04.2026 13:45 Last: 09.04.2026 13:45 Sources 1

About this happening: An **unnamed high-profile Lebanese journalist** had an **Apple account** successfully compromised in **2025**, creating unauthorized access to a personal and professional identity...

Microsoft Entra device code phishing and vishing campaign

Campaign
H score40 First: 19.02.2026 14:30 Last: 19.02.2026 14:30 Sources 1

About this happening: A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...

Timeline

  1. 21.01.2026 22:55 1 articles · 5mo ago

    daghetiaw claims 16.3 million-record PcComponentes leak

    Initial Disclosure

    A threat actor named daghetiaw claimed to have stolen a PcComponentes customer database with 16.3 million records, leaked 500,000 records, and offered the rest for sale, with the claimed dataset containing order details, physical addresses, full names, phone numbers, IP addresses, product wish-lists, and Zendesk support messages.

    Show sources
  2. 21.01.2026 22:55 2 articles · 5mo ago

    PcComponentes confirms credential stuffing and hardens logins

    Mitigation Patch Update

    PcComponentes said its investigation found no illegitimate access to databases or internal systems, but did find evidence of a credential stuffing attack against its platform. Hudson Rock said the stolen logins were likely taken from infostealer logs, with some credentials dating back to 2020, and PcComponentes responded by adding CAPTCHA on login pages, requiring two-factor authentication for all accounts, and invalidating active sessions.

    Show sources