PcComponentes denies a cybersecurity breach and points to the problem of password reuse

PcComponentes has clarified some of the doubts that have arisen around the alleged ‘hacking’ of its ‘eCommerce’ platform, through which the Daghetiaw threat actor claims to have a database of 16 million customers.

The Spanish ‘eCommerce’ company says in a statement that “they are not aware” that their systems have suffered a security breach and points to a phenomenon known as ‘credential stuffing’, in which cybercriminals use email addresses and passwords obtained from security leaks in other compromised databases.

These types of attacks take advantage of the fact that users sometimes reuse the same password on multiple platforms, which allows cybercriminals to access their accounts, where they can collect information.

Regarding the figure, the company says that it does not have 16 million clients, “since the number of active accounts in PcComponentes is markedly lower”, and that it was not a massive access either, since “only some clients have been affected.”

It also explains that no bank details have been compromised because it does not store them; what the platform keeps is a security code (token) “that serves to identify the payment, but does not allow you to view the card or make charges on its own.”

Something similar happens with customer passwords, which are also not stored in its database but are converted into “a secret and encrypted code (‘hash’),” which prevents both PcComponentes and third parties from seeing them.

However, it does indicate that some data has been affected, and lists: name, surname, ID, address, IP, email and telephone.

To avoid new security incidents, PcComponentes has closed all active sessions of its clients to force them to log in under the new measures it has implemented, including a CAPTCHA in the login process and the mandatory activation of a second factor of authentication (2FA).

It also recommends that its clients avoid reusing passwords across different services. And given the possibility of being the target of ‘phishing’ campaigns that pose as this platform, clients should manage any change in data about an order directly on its website and should not provide personal data or click on tracking links for orders or collections that arrive by email or text message.

By Editor