DIY retailer chain ManoMano is notifying prospects of a data breach that was attributable to hackers compromising a third-party service supplier.
The corporate confirmed to BleepingComputer that it realized of the hack in January 2026. An investigation into the incident decided that 38 million people are affected.
“We will affirm that ManoMano has not too long ago notified prospects a couple of security incident involving one in all our third-party customer support suppliers (a subcontractor),” the corporate informed BleepingComputer.
“In January 2026, we recognized unauthorized entry linked to this supplier, which resulted within the unauthorized extraction of sure private information related to buyer accounts and customer support interactions.”
ManoMano is a French e-commerce agency working an internet market specializing in DIY, residence enchancment, gardening, and associated merchandise. It operates in France, Belgium, Spain, Italy, Germany, and the UK, and its e-stores reportedly have 50 million distinctive guests per thirty days.
Earlier this month, somebody utilizing the alias “Indra” claimed the ManoMano assault on a hacker discussion board, alleging that they had been holding particulars on 37.8 million consumer accounts, in addition to 1000’s of assist tickets and attachments.
In response to unconfirmed experiences, the compromised group was a Tunis-based buyer assist service supplier that suffered a Zendesk breach.
Cybersecurity agency Hackmanac posted that ManoMano began notifying prospects this week that their information had been stolen.
A spokesperson of ManoMano defined to BleepingComputer that the uncovered info varies per particular person, relying on the kind of interactions they’d with the platform. Uncovered information varieties embrace:
- Full identify
- E-mail tackle
- Telephone quantity
- Customer support communications
ManoMano emphasizes that no account passwords had been accessed and that no information modifications occurred on the corporate’s techniques.
“Upon discovery, we took speedy steps to safe our surroundings, together with disabling the related entry, revoking the subcontractor’s entry to buyer information, and strengthening entry controls and monitoring,” mentioned a ManoMano spokesperson.
“We additionally notified the related authorities, together with the CNIL and ANSSI, and knowledgeable impacted prospects with steerage to stay vigilant towards phishing and social engineering makes an attempt.”
Supply: ManoMano
The notification pattern ManoMano shared with BleepingComputer accommodates suggestions for purchasers, together with verifying incoming communications and sender identification, monitoring financial institution accounts for fraudulent transactions, and avoiding clicking on suspicious hyperlinks or downloading e mail attachments.
ManoMano notes that the investigation is ongoing and that they can not share extra technical particulars at this stage.
Trendy IT infrastructure strikes quicker than guide workflows can deal with.
On this new Tines information, find out how your group can cut back hidden guide delays, enhance reliability via automated response, and construct and scale clever workflows on high of instruments you already use.
