phishing

The alleged PcComponentes hack affects 16 million customers. It’s another nightmare for phishing attacks

by

In Hackmanac Cybersecurity alerts reporting alleged hacks and massive data thefts around the world are frequent. One of the last notices, posted yesterdayaffects a Spanish company on the rise: PcComponentes. If confirmed, the alleged data theft would have affected a huge number of users. 16 million affected. According to these data, a cyber attacker using the alias ‘daghetiaw’ claimed to have managed to infiltrate PcComponentes. By doing so, it has obtained the data of 16.3 million customers, specifically: DNI/NIF Orders and invoices Address Contact details (phone) Credit card metadata (type, expiration date) IP address A sample that seems to confirm the hack. The author of the cyberattack wanted to demonstrate that the database he managed to obtain is legitimate, and to do so he has published a free extract of 500,000 users. That is already a very bad sign and seems to confirm that this hack and massive data theft has indeed been successful. There were already problems a year ago. An This failure exposed a database with access credentials. And everything fits. In The Computer Chapuzas They have contacted 0xBogart and obtained more information about that incident. This user actually talks about the fact that a database from August 2023 was already stolen and that then “it had 11,951,125 users, it makes sense that in 2026 they will have 16 million.” This expert had access to PcComponentes’ servers for five years, and only lost it “when they abandoned their data center for Amazon Web Services,” he indicates in the El Chapuzas Informático text. Pc Componentes has not confirmed the hack. At the moment those responsible for Pc Componentes have neither confirmed nor denied the massive data theft. At Xataka we are trying to contact the company to clarify the details. Meanwhile, those responsible have 72 hours from when the hack was discovered to notify the Spanish Data Protection Agency (AEPD). Up next: phishing attacks. This new massive data theft represents a potential nightmare for PcComponentes customers. If the hack is confirmed, all that data could be used for much more convincing phishing attacks: the more information cyber attackers have about us, the more they can “convince” us with messages that appear to be authentic and that manage to confuse us. Or phishing. There is also the danger of identity theft: the stolen data allows the creation of a “user profile” with which a cybercriminal can impersonate one person to deceive another with social engineering techniques. If the database has been leaked there is little that PcComponentes clients can do because their information will already be exposed. It has not been clear if there are passwords included for access to the company website in the massive data theft, but our recommendation is to change that access password as soon as possible. In Xataka | The leak of 16 billion passwords would be the largest in history. If it weren’t for the fact that it’s a gigantic rehash

The Supreme Court has just resolved who is responsible when you steal all your money for Phishing: the bank

by

The Supreme Court has just failed in favor of users and against banking in one of the most recurrent issues in recent years: Scams through the Internet. He declares that banking is the main responsible in these cases of fraud, being forced to immediately replenish all money stolen from the client. It is not a user thing. The Supreme Court has confirmed A sentence issued on April 9in which the Civil Chamber rejected the appeal filed by Ibercaja against a resolution issued by the Provincial Court of Zaragoza in November 2022. In this sentence 571/2025 it is underlined that good banking practices require the activation of systems capable of detecting suspicious activities, as well as blocking or verifying high -risk operations. Almost 60,000 euros, back to pocket. Unless it can be demonstrated that the client acted negligently, the bank is obliged to assume responsibility and return the money immediately. In this case, Ibercaja Banco SA must reintegrate a client 56,474.63 euros stolen from his account through Sim Swappinga system to supplant our identity stealing the telephone number. Judge Manuel Almenar Belenguer uses the European Directive before payment servicesas well as the Spanish regulations, concluding that if there is no negligence, the user’s only obligation is to notify the bank about any type of unauthorized operation. The new jurisprudence. This case feels a fundamental precedent since it establishes that, from now on, the banking entities will be the main responsible in cases of Phishing banking. Consequently, they must respond for user -unauthorized operations, thus marking a significant change in customer protection against electronic fraud. “The advances of current technology make relatively easy to design ideal computer systems or applications to detect certain anomalies in the provision of payment services. Operations that, in the case of companies or companies with a concrete corporate purpose, can be described as ordinary, must immediately raise suspicions and give rise to an answer when they affect natural persons outside of such activity.” Banks will no longer have an excuse. Based on Judisprudence, it is stated that contractual clauses that exempt the banking entities of their responsibility with users regarding unauthorized operations must be declared knots. Until now, banks could hide in alleged bad practices carried out by the user, such as having introduced their data on websites or malicious links. After this sentence, they are responsible for any unauthorized operation. A plague with which the government tries to end. Scams per call and SMS are a plague. So much, that the Ministry of Digital Transformation It has been trying to put a brake over a year. He End of commercial calls It arrived in February 2025 under ministerial order, but this is just a tiny part in the cybethaf cake. False calls, Scams by WhatsApp, malware in stores like Google Play, Identity Supplant by SMS… tactics change and evolve to continue having an affectation and result. Recently, The Civil Guard dismantled a network of cybers allegedly led by a 19 -year -old student. User’s responsibility. Despite the additional protection that the clients of the entities will enjoy in case of cybetafa, it falls on the roof of the user not to fall into practices that can end up being considered as negligence. These have not established themselves, but it is worth not introducing our phone, personal email on the websites whose origin we are not clear. In case of using Android, we are also responsible for what we download and where we download it, as well as the permits that we give to the applications. Protecting goes beyond possible money subtractions: it is especially easy to end up giving all our data to cybers. In Xataka | Cybethafa with Word documents as a Trojan horse: how it works and how to protect your personal and financial data

It also protects you from phishing and data leaks

by

Internet has become a vital tool, to the point that we spend several hours a day sailing. Doing doing it as surely as possible is vital to safeguard our data, especially now that there are so many data leaks or identity supplantations. Common sense can help us, although going to an additional tool is A movement that can save us more than one problem. One of the most outstanding is Kaspersky, especially its premium plan, reduced right now to the 34.99 euros a year. Kaspersky Premium – Annual * Some price may have changed from the last review Your safety and your family, at another level with Kaspersky Premium Kaspersky is a company that has been a reference for years in Internet security. It is true that its antivirus facet is almost always taken into account (both for PC and MacOS, iOS and Android), But the reality is that it offers much more. Especially if we take into account its Premium Kaspersky Plan, the most complete of all. One of the key points of this service is your call ‘Identity protection‘. Thanks to it, the service will detect when anyone tries to access our data remotely. In addition, we can also have a kind of Wallet Digital where to store our ID, the card or delicate information to avoid any type of identity theft. And that is not all, because we will also receive a notification if our data or telephone number appear in some data filtration. Speaking of identity and impersonation, it is also worth highlighting its’Antiphishing‘. It has a system capable of identifying links Phishing In emails or on web pages, automatically blocking those that it detects as fraudulent, thus avoiding clicking on one for an oversight. Kaspersky Premium – Annual * Some price may have changed from the last review This Kaspersky service normally has a price of 79.99 euros per year, but right now A 56 % discount that leaves it in the 34.99 euros a year we have mentioned previously for the first year. In addition, this subscription includes a free year of Kaspersky Safe Kids, ideal if we have children at home and we want their internet navigation and experience to be as sure as possible. And eye Some of the links of this article are affiliated and can report a benefit to Xataka. In case of non -availability, offers may vary. Images | Kari Shea in Unspash (with edition), Kaspersky In Xataka | Wi -Fi, configuration fund guide: everything you have to know to improve your connection In Xataka | These are the two things I recommend doing if you want to improve the safety of your accounts and you are not sure how to start

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.