PcComponentes, a leading Spanish PC components retailer, has addressed recent security concerns following claims of a significant data breach. A hacker, known as 'daghetiaw', alleged to have stolen sensitive data from the company, including 16.3 million records containing personal information such as names, addresses, IP addresses, product wishlists, and customer support messages. (xataka.com)
In response, PcComponentes issued a statement denying any unauthorized access to their databases or internal systems. The company emphasized that the number of affected customers is significantly lower than the claimed 16 million, as their active user base is notably smaller. (infobae.com)
Upon investigation, PcComponentes identified the incident as a credential stuffing attack. This type of attack occurs when cybercriminals use email addresses and passwords obtained from previous data breaches on other platforms to gain unauthorized access to accounts where users may have reused the same credentials. (vandal.elespanol.com)
The company clarified that only a limited number of customers were affected, and the compromised data did not include sensitive financial information, as PcComponentes does not store bank details. Additionally, customer passwords are not stored in their database. (vandal.elespanol.com)
To enhance security and prevent future incidents, PcComponentes has implemented several measures:
- Mandatory Two-Factor Authentication (2FA): All users are now required to set up 2FA to access their accounts, adding an extra layer of protection. (vandal.elespanol.com)
- CAPTCHA Implementation: The login process has been updated to include CAPTCHA challenges, mitigating automated login attempts. (vandal.elespanol.com)
These proactive steps aim to bolster the security of user accounts and maintain customer trust.
For more detailed information, you can refer to the official statements from PcComponentes and related news articles.