DIY retailer chain ManoMano is notifying prospects of a knowledge breach that was attributable to hackers compromising a third-party service supplier.
The corporate confirmed to BleepingComputer that it realized of the hack in January 2026. An investigation into the incident decided that 38 million people are affected.
“We will verify that ManoMano has not too long ago notified prospects a few safety incident involving considered one of our third-party customer support suppliers (a subcontractor),” the corporate advised BleepingComputer.
“In January 2026, we recognized unauthorized entry linked to this supplier, which resulted within the unauthorized extraction of sure private knowledge related to buyer accounts and customer support interactions.”
ManoMano is a French e-commerce agency working a web-based market specializing in DIY, house enchancment, gardening, and associated merchandise. It operates in France, Belgium, Spain, Italy, Germany, and the UK, and its e-stores reportedly have 50 million distinctive guests monthly.
Earlier this month, somebody utilizing the alias “Indra” claimed the ManoMano assault on a hacker discussion board, alleging that they had been holding particulars on 37.8 million person accounts, in addition to hundreds of help tickets and attachments.
In response to unconfirmed experiences, the compromised group was a Tunis-based buyer help service supplier that suffered a Zendesk breach.
Cybersecurity agency Hackmanac posted that ManoMano began notifying prospects this week that their knowledge had been stolen.
A spokesperson of ManoMano defined to BleepingComputer that the uncovered data varies per particular person, relying on the kind of interactions that they had with the platform. Uncovered knowledge sorts embrace:
- Full identify
- E mail handle
- Cellphone quantity
- Customer support communications
ManoMano emphasizes that no account passwords had been accessed and that no knowledge modifications occurred on the corporate’s techniques.
“Upon discovery, we took fast steps to safe the environment, together with disabling the related entry, revoking the subcontractor’s entry to buyer knowledge, and strengthening entry controls and monitoring,” stated a ManoMano spokesperson.
“We additionally notified the related authorities, together with the CNIL and ANSSI, and knowledgeable impacted prospects with steering to stay vigilant in opposition to phishing and social engineering makes an attempt.”
Supply: ManoMano
The notification pattern ManoMano shared with BleepingComputer accommodates suggestions for patrons, together with verifying incoming communications and sender identification, monitoring financial institution accounts for fraudulent transactions, and avoiding clicking on suspicious hyperlinks or downloading electronic mail attachments.
ManoMano notes that the investigation is ongoing and that they can not share extra technical particulars at this stage.
Fashionable IT infrastructure strikes quicker than guide workflows can deal with.
On this new Tines information, find out how your crew can cut back hidden guide delays, enhance reliability by automated response, and construct and scale clever workflows on prime of instruments you already use.
