French DIY store chain ManoMano has begun notifying customers about a data breach after hackers compromised a third-party service provider. As a result, the incident exposed data linked to millions of users.
The company confirmed to BleepingComputer that it discovered the hack in January 2026. Investigators later determined that the breach affects 38 million individuals.
“We can confirm that ManoMano has recently notified customers about a security incident involving one of our third-party customer service providers (a subcontractor),” the company said.
“In January 2026, we identified unauthorized access linked to this provider, which resulted in the unauthorized extraction of certain personal data associated with customer accounts and customer service interactions.”
ManoMano operates as a French e-commerce firm specializing in DIY, home improvement, and gardening products. The company runs its online marketplace across France, Belgium, Spain, Italy, Germany, and the United Kingdom. Additionally, its e-commerce platforms attract approximately 50 million unique monthly visitors, highlighting its significant European footprint.
Hacker Claims and Third-Party Breach Details
Earlier this month, an individual using the alias “Indra” claimed responsibility for the ManoMano attack on a hacker forum. The threat actor alleged possession of data from 37.8 million user accounts, along with thousands of support tickets and attachments.
Meanwhile, unconfirmed reports suggest that a Tunis-based customer support provider suffered a Zendesk breach, which may have enabled attackers to access ManoMano-related data.
Furthermore, cybersecurity firm Hackmanac reported that ManoMano started notifying customers this week that attackers had stolen their data.
A ManoMano spokesperson explained to BleepingComputer that the exposed information varies by individual, depending on each customer’s interaction with the platform.
The compromised data may include:
- Full name
- Email address
- Phone number
- Customer service communications
However, ManoMano stresses that attackers did not access account passwords, and no one altered data within the company’s internal systems.
Company Response and Security Measures
Upon detecting the breach, ManoMano immediately acted to contain the incident.
“Upon discovery, we took immediate steps to secure our environment, including disabling the relevant access, revoking the subcontractor’s access to customer data, and strengthening access controls and monitoring,” said a ManoMano spokesperson.
In addition, the company reported the incident to French authorities, including CNIL and ANSSI.
“We also notified the relevant authorities, including the CNIL and ANSSI, and informed impacted customers with guidance to remain vigilant against phishing and social engineering attempts.”
Notice sent to customers
Source: ManoMano
Customer Guidance and Ongoing Investigation
The notification sample ManoMano shared with BleepingComputer advises customers to:
- Verify incoming communications and confirm sender identity
- Monitor bank accounts for fraudulent transactions
- Avoid clicking suspicious links
- Refrain from downloading unexpected email attachments
Finally, ManoMano confirms that the investigation remains ongoing. At this stage, the company states that it cannot disclose additional technical details about the incident.
Source: BleepingComputer, Bill Toulas
Read more at Impreza News
