PostHole
Compose Login
You are browsing us.zone2 in read-only mode. Log in to participate.
rss-bridge 2026-02-26T17:35:21+00:00

European DYI chain ManoMano data breach impacts 38 million customers

DIY store chain ManoMano is notifying customers of a data breach personal data, which was caused by hackers compromising a third-party service provider. [...]

European DYI chain ManoMano data breach impacts 38 million customers

Bill Toulas

  • February 26, 2026
  • 12:35 PM
  • 1

[European DYI chain ManoMano data breach impacts 38 million customers]

DIY store chain ManoMano is notifying customers of a data breach that was caused by hackers compromising a third-party service provider.

The company confirmed to BleepingComputer that it learned of the hack in January 2026. An investigation into the incident determined that 38 million individuals are affected.

“We can confirm that ManoMano has recently notified customers about a security incident involving one of our third-party customer service providers (a subcontractor),” the company told BleepingComputer.

“In January 2026, we identified unauthorized access linked to this provider, which resulted in the unauthorized extraction of certain personal data associated with customer accounts and customer service interactions.”

ManoMano is a French e-commerce firm operating an online marketplace specializing in DIY, home improvement, gardening, and related products. It operates in France, Belgium, Spain, Italy, Germany, and the United Kingdom, and its e-stores reportedly have 50 million unique visitors per month.

Earlier this month, someone using the alias “Indra” claimed the ManoMano attack on a hacker forum, alleging that they were holding details on 37.8 million user accounts, as well as thousands of support tickets and attachments.

According to unconfirmed reports, the compromised organization was a Tunis-based customer support service provider that suffered a Zendesk breach.

Cybersecurity firm Hackmanac posted that ManoMano started notifying customers this week that their data had been stolen.

A spokesperson of ManoMano explained to BleepingComputer that the exposed information varies per individual, depending on the type of interactions they had with the platform. Exposed data types include:

  • Full name
  • Email address
  • Phone number
  • Customer service communications

ManoMano emphasizes that no account passwords were accessed and that no data modifications occurred on the company’s systems.

“Upon discovery, we took immediate steps to secure our environment, including disabling the relevant access, revoking the subcontractor’s access to customer data, and strengthening access controls and monitoring,” said a ManoMano spokesperson.

“We also notified the relevant authorities, including the CNIL and ANSSI, and informed impacted customers with guidance to remain vigilant against phishing and social engineering attempts.”

[Notice sent to customers]

*Notice sent to customers
Source: ManoMano*

The notification sample ManoMano shared with BleepingComputer contains recommendations for customers, including verifying incoming communications and sender identity, monitoring bank accounts for fraudulent transactions, and avoiding clicking on suspicious links or downloading email attachments.

ManoMano notes that the investigation is ongoing and that they cannot share additional technical details at this stage.

Red Report 2026: Why Ransomware Encryption Dropped 38%

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Volvo Group North America customer data exposed in Conduent hack

PayPal discloses data breach that exposed user info for 6 months

Eurail says stolen traveler data now up for sale on dark web

Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches

Odido data breach exposes personal info of 6.2 million customers

Original source

Reply