PcComponentes Denies Data Breach but Confirms Credential Stuffing Attack Impacting Customers
Spain’s leading technology retailer, PcComponentes, has refuted claims of a major data breach affecting 16 million customers but confirmed a credential stuffing attack exposed sensitive account details. The incident emerged after a threat actor, daghetiaw, posted a purported database containing 16.3 million records on hacker forums, leaking 500,000 entries and offering the remainder for sale.
The leaked data included order histories, physical addresses, full names, phone numbers, IP addresses, product wishlists, and customer support messages exchanged via Zendesk. However, PcComponentes stated that no financial details or passwords were stored on its systems and that the claimed figure of 16 million affected accounts was exaggerated, as its active user base is significantly smaller.
An investigation revealed that the attack stemmed from credential stuffing, in which attackers used login credentials reused from previous breaches to access accounts. Threat intelligence firm Hudson Rock traced the compromised credentials to info-stealing malware infections, with some logins dating back to 2020. A sample of verified emails from the leak matched records in existing infostealer logs.
For affected accounts, exposed data included:
- Full names
- National ID numbers
- Physical addresses
- IP addresses
- Email addresses
- Phone numbers
In response, PcComponentes implemented CAPTCHA protections, mandatory two-factor authentication (2FA) for all accounts, and invalidated active sessions, forcing users to re-authenticate with 2FA enabled. The company did not disclose the exact number of impacted customers.
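The containment step described above depends on knowing which accounts were actually entered during the stuffing run. The following is an added example, not code from PcComponentes or Hudson Rock: it flags sources that try many distinct accounts with mostly failed logins in a short window, then lists the accounts that had a successful login from a flagged source so their sessions can be invalidated and 2FA re-authentication forced. The event format, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, login_succeeded)
EVENTS = [
    (1000, "203.0.113.10", "user1@example.com", False),
    (1002, "203.0.113.10", "user2@example.com", False),
    (1004, "203.0.113.10", "user3@example.com", False),
    (1006, "203.0.113.10", "user4@example.com", True),   # reused password worked
    (1008, "203.0.113.10", "user5@example.com", False),
    (1010, "203.0.113.10", "user6@example.com", False),
    (1020, "198.51.100.7", "alice@example.com", False),  # ordinary typo, then success
    (1030, "198.51.100.7", "alice@example.com", True),
    (1040, "192.0.2.44", "bob@example.com", True),
]


def flag_stuffing_sources(events, window=300, min_users=5, max_success_ratio=0.2):
    """Return source IPs that, within one time window, attempted at least
    min_users distinct accounts with a success ratio at or below the threshold.
    All three thresholds are assumed values to be tuned per site."""
    stats = defaultdict(lambda: {"users": set(), "tries": 0, "ok": 0})
    for ts, ip, user, ok in events:
        bucket = stats[(ip, ts // window)]
        bucket["users"].add(user)
        bucket["tries"] += 1
        bucket["ok"] += int(ok)
    return {
        ip
        for (ip, _), s in stats.items()
        if len(s["users"]) >= min_users and s["ok"] / s["tries"] <= max_success_ratio
    }


def accounts_to_reset(events, flagged_sources):
    """Accounts with a successful login from a flagged source: candidates for
    session invalidation and forced re-authentication with 2FA."""
    return sorted({user for _, ip, user, ok in events if ok and ip in flagged_sources})


if __name__ == "__main__":
    flagged = flag_stuffing_sources(EVENTS)
    print("flagged sources:", flagged)
    print("accounts to reset:", accounts_to_reset(EVENTS, flagged))
```

Campaigns that spread attempts across many source addresses stay under a per-source threshold, so this count is one signal to combine with others rather than a complete detector.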
Zendesk cybersecurity rating report: https://www.rankiteo.com/company/zendesk
PcComponentes cybersecurity rating report: https://www.rankiteo.com/company/pccomponentes
{
  "id": "ZENPCC1769030611",
  "linkid": "zendesk, pccomponentes",
  "type": "Breach",
  "date": "6/2020",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Exact number undisclosed '
'(claimed 16.3 million, but '
'active user base is smaller)',
'industry': 'Technology/E-commerce',
'location': 'Spain',
'name': 'PcComponentes',
'type': 'Retailer'}],
'attack_vector': 'Reused login credentials from previous breaches',
'customer_advisories': 'Forced re-authentication with 2FA enabled, CAPTCHA '
'protections implemented.',
'data_breach': {'data_exfiltration': 'Yes (posted on hacker forums for sale)',
'number_of_records_exposed': '500,000 leaked (16.3 million '
'claimed)',
'personally_identifiable_information': 'Yes (full names, '
'national ID numbers, '
'physical addresses, '
'email addresses, '
'phone numbers)',
'sensitivity_of_data': 'High (PII, order details, support '
'messages)',
'type_of_data_compromised': ['Order histories',
'Physical addresses',
'Full names',
'Phone numbers',
'IP addresses',
'Product wishlists',
'Customer support messages',
'National ID numbers',
'Email addresses']},
'description': 'PcComponentes denied a major data breach but confirmed a '
'credential stuffing attack exposed sensitive account details '
'of customers. A threat actor posted a purported database '
'containing 16.3 million records, leaking 500,000 entries and '
'offering the remainder for sale. The attack stemmed from '
'reused login credentials from previous breaches, traced to '
'info-stealing malware infections.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of customer data',
'data_compromised': 'Order histories, physical addresses, full '
'names, phone numbers, IP addresses, product '
'wishlists, customer support messages, '
'national ID numbers, email addresses',
'identity_theft_risk': 'High',
'payment_information_risk': 'None (no financial details or '
'passwords stored)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (remainder of 16.3 '
'million records offered '
'for sale)',
'entry_point': 'Reused credentials from '
'info-stealing malware infections'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Importance of enforcing multi-factor authentication (2FA) '
'and monitoring for credential reuse from previous '
'breaches.',
'motivation': 'Data exfiltration and sale on dark web',
'post_incident_analysis': {'corrective_actions': 'Mandatory 2FA, CAPTCHA '
'protections, session '
'invalidation, and forced '
're-authentication',
'root_causes': 'Lack of 2FA enforcement, '
'credential reuse from previous '
'breaches, info-stealing malware '
'infections dating back to 2020'},
'recommendations': 'Enforce 2FA for all accounts, implement CAPTCHA '
'protections, monitor for credential stuffing attacks, and '
'educate users on password hygiene.',
'references': [{'source': 'Threat actor post on hacker forums'},
{'source': 'Hudson Rock (threat intelligence firm)'}],
'response': {'containment_measures': 'Invalidated active sessions, forced '
're-authentication',
'remediation_measures': 'Implemented CAPTCHA protections, '
'mandatory two-factor authentication '
'(2FA) for all accounts',
'third_party_assistance': 'Hudson Rock (threat intelligence '
'firm)'},
'threat_actor': 'daghetiaw',
'title': 'PcComponentes Credential Stuffing Attack',
'type': 'Credential Stuffing',
'vulnerability_exploited': 'Info-stealing malware infections, lack of '
'multi-factor authentication'}