In Hackmanac Cybersecurity alerts reporting alleged hacks and massive data thefts around the world are frequent. One of the last notices, posted yesterdayaffects a Spanish company on the rise: PcComponentes. If confirmed, the alleged data theft would have affected a huge number of users.
16 million affected. According to these data, a cyber attacker using the alias ‘daghetiaw’ claimed to have managed to infiltrate PcComponentes. By doing so, it has obtained the data of 16.3 million customers, specifically:
- DNI/NIF
- Orders and invoices
- Address
- Contact details (phone)
- Credit card metadata (type, expiration date)
- IP address
A sample that seems to confirm the hack. The author of the cyberattack wanted to demonstrate that the database he managed to obtain is legitimate, and to do so he has published a free extract of 500,000 users. That is already a very bad sign and seems to confirm that this hack and massive data theft has indeed been successful.
There were already problems a year ago. An This failure exposed a database with access credentials.
And everything fits. In The Computer Chapuzas They have contacted 0xBogart and obtained more information about that incident. This user actually talks about the fact that a database from August 2023 was already stolen and that then “it had 11,951,125 users, it makes sense that in 2026 they will have 16 million.” This expert had access to PcComponentes’ servers for five years, and only lost it “when they abandoned their data center for Amazon Web Services,” he indicates in the El Chapuzas Informático text.
Pc Componentes has not confirmed the hack. At the moment those responsible for Pc Componentes have neither confirmed nor denied the massive data theft. At Xataka we are trying to contact the company to clarify the details. Meanwhile, those responsible have 72 hours from when the hack was discovered to notify the Spanish Data Protection Agency (AEPD).
Up next: phishing attacks. This new massive data theft represents a potential nightmare for PcComponentes customers. If the hack is confirmed, all that data could be used for much more convincing phishing attacks: the more information cyber attackers have about us, the more they can “convince” us with messages that appear to be authentic and that manage to confuse us.
Or phishing. There is also the danger of identity theft: the stolen data allows the creation of a “user profile” with which a cybercriminal can impersonate one person to deceive another with social engineering techniques. If the database has been leaked there is little that PcComponentes clients can do because their information will already be exposed. It has not been clear if there are passwords included for access to the company website in the massive data theft, but our recommendation is to change that access password as soon as possible.
GIPHY App Key not set. Please check settings