PcComponentes Incident Was a Credential Stuffing Attack Using Infostealer Logs

Written by: Lore Apostol, Cybersecurity Writer
Key Takeaways
  • Incident Type: The security event affecting Spanish retailer PcComponentes was a credential stuffing attack, not a direct breach of the company's internal systems.
  • Data Source: The attacker utilized credentials sourced from historical infostealer logs, with some infections dating back to 2020 and 2021.
  • User Impact: Although not a system breach, the attack successfully scraped sensitive personal user data from compromised accounts.

A recent security incident involving the prominent Spanish electronics retailer PcComponentes underscores the growing threat posed by credential stuffing campaigns fueled by infostealer logs. A threat actor, using the alias "daghetiaw," claimed to have breached the company and offered a database of user information for sale. 

However, an investigation by PcComponentes concluded that its servers were not compromised. Instead, the incident was a large-scale credential stuffing attack, where attackers used previously stolen username and password combinations to gain unauthorized access to individual customer accounts.

The Role of Infostealer Logs in the Attack

Forensic analysis confirmed that the email addresses in the attacker's sample data were present in existing infostealer logs, an Infostealers by HudsonRock report said. This indicates the threat actor did not breach PcComponentes' infrastructure directly but aggregated credentials harvested from user devices infected with malware over several years. 

Threat actor claim on hacker forum | Source: Infostealers by HudsonRock 

By successfully logging into valid accounts, the attacker was able to scrape and exfiltrate sensitive personally identifiable information (PII), creating a convincing "proof" sample of 500,000 lines that gave the false impression of a direct database compromise.

This tactic highlights a critical challenge for cybersecurity in retail, where the public perception often fails to distinguish between a data breach and widespread account takeovers. In a similar case, Google debunked Gmail data breach reports that claimed 183 million user account credentials leaked.

Data Breach Prevention and User Protection

This event serves as a critical reminder of the importance of proactive data breach prevention strategies that extend beyond perimeter security. For organizations, monitoring for credentials compromised by infostealers is essential to identify and reset passwords before they can be used in stuffing attacks. 
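One way to act on that monitoring, shown as an added example that is not code from PcComponentes or the HudsonRock report: each leaked email and password pair from an infostealer feed is checked against the stored password hash, so accounts whose leaked password still works are reset first. The feed record format, the user store, the KDF settings and the action names are assumptions, and all data is constructed.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumption: stand-in for the site's real password KDF settings

def kdf(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier the same way the (hypothetical) login service does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed user store: email -> (salt, stored hash). Not real accounts.
USERS = {
    "ana@example.org": (b"salt-ana", kdf("Verano2020!", b"salt-ana")),
    "luis@example.org": (b"salt-luis", kdf("n3w-un1que-pass", b"salt-luis")),
}

# Constructed infostealer-feed records (hypothetical feed format).
FEED = [
    {"email": "Ana@Example.org", "password": "Verano2020!",
     "url": "https://shop.example/login", "infected": "2020-11-03"},
    {"email": "luis@example.org", "password": "OldPass2021",
     "url": "https://other.example/signin", "infected": "2021-06-17"},
    {"email": "nobody@example.org", "password": "x",
     "url": "https://shop.example/login", "infected": "2021-01-09"},
]

def triage(feed, users):
    """Return {email: action} for customers that appear in the feed."""
    actions = {}
    for rec in feed:
        email = rec["email"].strip().lower()
        if email not in users:
            continue  # not one of our customers
        salt, stored = users[email]
        # The source URL is ignored on purpose: password reuse means a pair
        # stolen for another site can still be valid here.
        live = hmac.compare_digest(kdf(rec["password"], salt), stored)
        # Live pair: it still logs in, so reset before it is replayed.
        # Stale pair: device was infected but the password has changed.
        action = "force_reset" if live else "step_up_mfa"
        if actions.get(email) != "force_reset":  # never downgrade a reset
            actions[email] = action
    return actions

if __name__ == "__main__":
    for email, action in triage(FEED, USERS).items():
        print(email, action)
```
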

For users, the incident reinforces the need to use unique, complex passwords for every online service and to enable multi-factor authentication (MFA) wherever possible. 

Password reuse remains a primary enabler for credential stuffing, and this attack demonstrates how old, forgotten compromises can be weaponized years later with significant impact.

A separate cybersecurity report this month highlighted that dozens of global companies have been breached via infostealer credentials. The North Face confirmed a credential stuffing attack occurred in May 2025.

