Following various reports that PcComponentes had suffered a hack and a massive theft of customer data, the company has published a statement in which it denies having suffered a security breach and points to a credential stuffing attack as the possible source of the leak of its customers' information.
After an investigation carried out by the company's cybersecurity experts, PcComponentes has detected an attack in which a third party used email addresses and passwords obtained from security leaks of compromised databases that are unrelated to the company.
The attacker, using these databases, which PcComponentes recalls are usually published in Internet forums, would have tested the compromised credential combinations automatically and en masse on different platforms. In certain cases, especially where a user reuses the same username and password across multiple accounts, attackers (one in this case, identified as daghetiaw) gain unauthorized access to accounts, as well as to the information held on the platforms where the credentials work.
The company states that there has been no illegitimate access to its databases or internal systems. It also highlights that «The figure of 16 million supposedly affected customers is false, since the number of active accounts on PcComponentes is markedly lower. Likewise, illegitimate access has not been massive, that is, only some clients have been affected».
Furthermore, company officials confirm that bank details have not been compromised, since PcComponentes does not store them, contrary to what the attacker himself claimed. As they point out in the statement, PcComponentes only keeps a token that is used to identify the payment, and it does not allow anyone to view the card or make charges on its own.
They also reiterate that this token has no value outside the payment system and cannot be used fraudulently, which is why they make it clear that there is no risk of bank data theft. Likewise, they point out that customer passwords are not stored in the company's database, because they are transformed into a secret, encrypted code that is irreversible. This means that no one can see the passwords. The information the attacker obtained about the customers affected by the incident is: name, surname, ID if the customer has entered it, address, IP, email and telephone number.
In response, PcComponentes has taken various measures to minimize the impact of the attack. First, they have implemented a captcha in the login process to block automated attempts by bots or scripts. In addition, they have made a second authentication factor mandatory, sending a verification code to the user's email before allowing access to the account.
They have also invalidated all sessions that were active, which means that users have to log in again with the aforementioned security measures. On the other hand, as is usual in these cases, they have confirmed that they will send personalized messages to customers who may have been affected by the attack to explain the situation, as well as the measures put in place and the recommended actions.
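
The automated, mass testing of leaked credentials described above leaves a recognizable pattern in login logs: one source trying many different accounts, with most attempts failing. The following is an added example, not code from PcComponentes or its statement, showing one way a defender could detect that pattern and list the accounts that need a forced reset; the log format, thresholds, addresses and usernames are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events, not real logs: (epoch_seconds, source_ip, username, success)
SAMPLE_EVENTS = (
    [(1000 + i * 2, "203.0.113.7", f"user{i}@example.com", i == 4) for i in range(8)]
    # One customer mistyping their own password, then succeeding.
    + [(1005, "198.51.100.20", "ana@example.com", False),
       (1030, "198.51.100.20", "ana@example.com", False),
       (1060, "198.51.100.20", "ana@example.com", True)]
)

def detect_stuffing(events, window=300, min_accounts=5, min_fail_ratio=0.7):
    """Return {ip: {"accounts": n, "fail_ratio": r, "exposed": [...]}} for flagged sources.

    A source is flagged when, inside any `window`-second span, it tries at
    least `min_accounts` distinct usernames and most attempts fail. That
    separates list replay (many accounts, one try each) from a user
    retrying a single account.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        recent = deque()  # events inside the sliding window
        for row in rows:
            recent.append(row)
            while row[0] - recent[0][0] > window:
                recent.popleft()
            users = {u for _, u, _ in recent}
            fails = sum(1 for _, _, ok in recent if not ok)
            ratio = fails / len(recent)
            if len(users) >= min_accounts and ratio >= min_fail_ratio:
                # Accounts where the replayed password worked need a forced
                # reset and session invalidation, not just a block of the IP.
                exposed = sorted({u for _, u, ok in rows if ok})
                flagged[ip] = {"accounts": len({u for _, u, _ in rows}),
                               "fail_ratio": round(ratio, 2), "exposed": exposed}
                break
    return flagged

if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_EVENTS).items():
        print(ip, info)
```

Per-source counting misses replay that is spread across many addresses, which is why measures applied to every login, such as the captcha and the emailed verification code, complement this kind of detection.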
