ManoMano Data Breach Affects 38 Million Customers via Third-Party Service Provider
Summary
Hide ▲
Show ▼
ManoMano, a European DIY e-commerce platform, disclosed a data breach impacting 38 million customers. The breach occurred in January 2026 due to unauthorized access to a third-party customer service provider. Exposed data includes full names, email addresses, phone numbers, and customer service communications. The stolen data includes information associated with 37.8 million ManoMano user accounts, over 900,000 service tickets, and over 13,000 attachments, pertaining to users across France, Germany, Italy, Spain, and the United Kingdom. No account passwords were compromised. The company has taken steps to secure its environment and notified relevant authorities and affected customers. The breach was claimed by an individual using the alias 'Indra' on a hacker forum, alleging the theft of 37.8 million user accounts and thousands of support tickets. The compromised service provider is reportedly a Tunis-based customer support firm that suffered a Zendesk breach.
Timeline
-
26.02.2026 19:35 2 articles · 1d ago
ManoMano Data Breach Affects 38 Million Customers via Third-Party Service Provider
ManoMano disclosed a data breach impacting 38 million customers due to unauthorized access to a third-party customer service provider in January 2026. Exposed data includes full names, email addresses, phone numbers, and customer service communications. The stolen data includes information associated with 37.8 million ManoMano user accounts, over 900,000 service tickets, and over 13,000 attachments, pertaining to users across France, Germany, Italy, Spain, and the United Kingdom. The breach was claimed by an individual using the alias 'Indra' on a hacker forum. The compromised service provider is reportedly a Tunis-based customer support firm that suffered a Zendesk breach. ManoMano has taken steps to secure its environment and notified relevant authorities and affected customers.
Show sources
- European DYI chain ManoMano data breach impacts 38 million customers — www.bleepingcomputer.com — 26.02.2026 19:35
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
Information Snippets
-
ManoMano identified unauthorized access to a third-party customer service provider in January 2026.
First reported: 26.02.2026 19:352 sources, 2 articlesShow sources
- European DYI chain ManoMano data breach impacts 38 million customers — www.bleepingcomputer.com — 26.02.2026 19:35
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
-
The breach impacted 38 million customers, exposing full names, email addresses, phone numbers, and customer service communications.
First reported: 26.02.2026 19:352 sources, 2 articlesShow sources
- European DYI chain ManoMano data breach impacts 38 million customers — www.bleepingcomputer.com — 26.02.2026 19:35
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
-
No account passwords were accessed, and no data modifications occurred on ManoMano's systems.
First reported: 26.02.2026 19:352 sources, 2 articlesShow sources
- European DYI chain ManoMano data breach impacts 38 million customers — www.bleepingcomputer.com — 26.02.2026 19:35
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
-
ManoMano has taken steps to secure its environment, including disabling relevant access, revoking the subcontractor's access to customer data, and strengthening access controls and monitoring.
First reported: 26.02.2026 19:352 sources, 2 articlesShow sources
- European DYI chain ManoMano data breach impacts 38 million customers — www.bleepingcomputer.com — 26.02.2026 19:35
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
-
The company notified the CNIL and ANSSI and informed impacted customers with guidance to remain vigilant against phishing and social engineering attempts.
First reported: 26.02.2026 19:352 sources, 2 articlesShow sources
- European DYI chain ManoMano data breach impacts 38 million customers — www.bleepingcomputer.com — 26.02.2026 19:35
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
-
An individual using the alias 'Indra' claimed responsibility for the breach on a hacker forum, alleging the theft of 37.8 million user accounts and thousands of support tickets.
First reported: 26.02.2026 19:352 sources, 2 articlesShow sources
- European DYI chain ManoMano data breach impacts 38 million customers — www.bleepingcomputer.com — 26.02.2026 19:35
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
-
The compromised service provider is reportedly a Tunis-based customer support firm that suffered a Zendesk breach.
First reported: 26.02.2026 19:352 sources, 2 articlesShow sources
- European DYI chain ManoMano data breach impacts 38 million customers — www.bleepingcomputer.com — 26.02.2026 19:35
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
-
The stolen data includes information associated with 37.8 million ManoMano user accounts, over 900,000 service tickets, and over 13,000 attachments.
First reported: 27.02.2026 15:411 source, 1 articleShow sources
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
-
The compromised data pertains to ManoMano users across France, Germany, Italy, Spain, and the United Kingdom.
First reported: 27.02.2026 15:411 source, 1 articleShow sources
- 38 Million Allegedly Impacted by ManoMano Data Breach — www.securityweek.com — 27.02.2026 15:41
Similar Happenings
Grubhub Data Breach and Extortion Attempt by ShinyHunters
Grubhub confirmed a recent data breach where unauthorized individuals accessed and downloaded data from its systems. The company stated that sensitive information such as financial data or order history was not affected. However, sources indicate that the ShinyHunters cybercrime group is extorting Grubhub, demanding Bitcoin to prevent the release of stolen Salesforce and Zendesk data. The breach is believed to be connected to stolen credentials from the recent Salesloft Drift data theft attacks.
Former Coinbase Support Agent Arrested for Facilitating Data Breach
A former Coinbase customer support agent was arrested in Hyderabad, India, for assisting hackers in stealing sensitive customer data from a company database in early 2025. The breach exposed personal information of approximately 69,500 customers, including names, dates of birth, partial SSNs, addresses, phone numbers, email addresses, and KYC documents. The hackers demanded a $20 million ransom. The incident involved bribed employees of TaskUs, a customer support outsourcing firm in India. Additionally, a separate scammer, Ronald Spektor, was charged for impersonating Coinbase and stealing $16 million from 100 victims.
Discord User Data Compromised in Third-Party Breach
Hackers claim to have stolen data from 5.5 million unique Discord users after compromising a third-party customer service provider. The attack occurred on September 20, 2025, affecting users who interacted with Discord’s customer support and/or Trust and Safety teams. The breach appears to be financially motivated, with hackers demanding a ransom. The Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack, stating they breached a Zendesk instance used by Discord for customer support. The compromised data includes real names, usernames, email addresses, contact details, IP addresses, messages, attachments, photos of government-issued identification documents, partial billing information, and purchase history. Discord took immediate action to isolate the support provider from its ticketing system and launched an investigation with the help of a forensics firm and law enforcement. The hackers also accessed corporate data, including training materials and internal presentations. Discord has notified law enforcement and relevant data protection authorities about the incident. No full credit card numbers, CVV codes, passwords, or authentication data were compromised. Additionally, no messages or activity on Discord outside of communication with customer support were obtained by the attackers.
Vyro AI Leak Exposes Sensitive User Data from Three Applications
Vyro AI, a maker of AI-content creation applications, has inadvertently leaked 116GB of sensitive user data from three of its products: ImagineArt, Chatly, and Chatbotx. The data, which includes AI prompts, bearer authentication tokens, and user agents, was exposed for several months. The leak could have allowed attackers to monitor user behavior, extract sensitive information, and hijack user accounts. Separately, audio streaming platform SoundCloud has confirmed a security breach in which threat actors stole a database containing user information. The breach affected 29.8 million accounts, approximately 20% of SoundCloud's users, and exposed email addresses, geographic locations, names, usernames, profile statistics, and avatars. The breach was followed by denial-of-service attacks, VPN connectivity issues, and extortion attempts by the ShinyHunters extortion gang.
Supply Chain Attack on Drift via OAuth Token Theft
A supply chain attack targeted the Drift chatbot, a marketing software-as-a-service product, resulting in the mass theft of OAuth tokens from multiple companies. Salesloft, the parent company, took Drift offline on September 5, 2025, to review and enhance security. Affected companies include Cloudflare, Google Workspace, PagerDuty, Palo Alto Networks, Proofpoint, SpyCloud, Tanium, Tenable, and Zscaler. The threat actor, tracked as UNC6395 and GRUB1, exploited OAuth tokens to access Salesforce data. The attack underscores the risks associated with third-party integrations and the importance of robust security measures in enterprise defenses.