DIY retailer chain ManoMano is notifying prospects of a knowledge breach that was brought on by hackers compromising a third-party service supplier.
The corporate confirmed to BleepingComputer that it discovered of the hack in January 2026. An investigation into the incident decided that 38 million people are affected.
“We will affirm that ManoMano has not too long ago notified prospects a few safety incident involving certainly one of our third-party customer support suppliers (a subcontractor),” the corporate advised BleepingComputer.
“In January 2026, we recognized unauthorized entry linked to this supplier, which resulted within the unauthorized extraction of sure private information related to buyer accounts and customer support interactions.”
ManoMano is a French e-commerce agency working an internet market specializing in DIY, dwelling enchancment, gardening, and associated merchandise. It operates in France, Belgium, Spain, Italy, Germany, and the UK, and its e-stores reportedly have 50 million distinctive guests per thirty days.
Earlier this month, somebody utilizing the alias “Indra” claimed the ManoMano assault on a hacker discussion board, alleging that they had been holding particulars on 37.8 million consumer accounts, in addition to hundreds of assist tickets and attachments.
In keeping with unconfirmed stories, the compromised group was a Tunis-based buyer assist service supplier that suffered a Zendesk breach.
Cybersecurity agency Hackmanac posted that ManoMano began notifying prospects this week that their information had been stolen.
A spokesperson of ManoMano defined to BleepingComputer that the uncovered info varies per particular person, relying on the kind of interactions that they had with the platform. Uncovered information sorts embody:
- Full title
- E mail handle
- Cellphone quantity
- Customer support communications
ManoMano emphasizes that no account passwords had been accessed and that no information modifications occurred on the corporate’s methods.
“Upon discovery, we took fast steps to safe the environment, together with disabling the related entry, revoking the subcontractor’s entry to buyer information, and strengthening entry controls and monitoring,” stated a ManoMano spokesperson.
“We additionally notified the related authorities, together with the CNIL and ANSSI, and knowledgeable impacted prospects with steerage to stay vigilant towards phishing and social engineering makes an attempt.”
Supply: ManoMano
The notification pattern ManoMano shared with BleepingComputer comprises suggestions for patrons, together with verifying incoming communications and sender identification, monitoring financial institution accounts for fraudulent transactions, and avoiding clicking on suspicious hyperlinks or downloading e mail attachments.
ManoMano notes that the investigation is ongoing and that they can’t share further technical particulars at this stage.
Fashionable IT infrastructure strikes sooner than handbook workflows can deal with.
On this new Tines information, find out how your workforce can cut back hidden handbook delays, enhance reliability by means of automated response, and construct and scale clever workflows on prime of instruments you already use.
