European online DIY giant ManoMano is notifying roughly 38 million customers after threat actors compromised a third-party customer service provider, exposing personal data tied to user accounts and support interactions.The incident, discovered in January 2026, underscores the persistent risk posed by supply chain and vendor-based breaches.“We can confirm that ManoMano has recently notified customers about a security incident involving one of our third-party customer service providers (a subcontractor),” the company told BleepingComputer.
Advertisement TechRepublic is able to offer our services for free because some vendors may pay us for web traffic or other sales opportunities.Our mission is to help technology buyers make better purchasing decisions, so we provide you with information for all vendors — even those that don’t pay us.1 ESET PROTECT Advanced Visit Website Company Size Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Activity Monitoring, Antivirus, Blacklisting, and more 2 ManageEngine Desktop Central Visit Website Company Size Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Activity Monitoring, Antivirus, Dashboard, and more Inside the ManoMano breach ManoMano is one of Europe’s largest online marketplaces for DIY, gardening, and home improvement products, operating across France, Belgium, Spain, Italy, Germany, and the United Kingdom.
The platform draws roughly 50 million unique monthly visitors, and with nearly 38 million individuals affected, the breach stands as one of the more significant retail-sector data exposures in Europe in recent months.According to BleepingComputer, the scope of compromised data varies depending on a customer’s interaction with the platform.Exposed information may include full names, email addresses, phone numbers, and customer service communications.
ManoMano stressed that no account passwords were accessed and that there is no evidence of data being modified within its internal systems.How the third-party compromise unfolded Shortly before disclosure, a threat actor using the alias Indra claimed responsibility for the breach on a hacker forum, alleging possession of approximately 37.8 million user records as well as thousands of customer support tickets and attachments.Although these claims have not been independently verified, the figures closely align with the company’s public notification.
Unconfirmed reports indicate that the compromised organization may have been a Tunis-based subcontractor providing customer support services, and that the intrusion may have involved a Zendesk environment.Why customer support data is at risk Even without passwords, customer service records can be highly exploitable.Support tickets often contain contextual details such as: Order numbers.
Billing inquiries.Shipping addresses.Account confirmations.
Troubleshooting exchanges.Armed with this information, attackers can craft highly convincing phishing emails or impersonation attempts that reference legitimate transactions or prior communications.The contextual accuracy lowers user suspicion and increases the likelihood of successful social engineering, potentially leading to credential harvesting, financial fraud, or additional compromise.
In response to the incident, ManoMano said it revoked the subcontractor’s access to customer data, strengthened access controls and monitoring mechanisms, and notified French regulators, including the CNIL and ANSSI.The company added that its investigation remains ongoing and that additional technical details about the incident have not yet been released.Must-read security coverage UK Police Convicts Pair in £5.5 Billion Bitcoin Launder Case Blackpoint Cyber vs.
Arctic Wolf: Which MDR Solution is Right for You? How GitHub Is Securing the Software Supply Chain 8 Best Enterprise Password Managers Managing third-party security risk As organizations increase their reliance on SaaS platforms and third-party service providers, vendor risk management should be integrated into broader security operations rather than handled solely as a compliance requirement.Reducing exposure requires a combination of technical safeguards, clear governance structures, and well-defined response processes.Enforce least-privilege and just-in-time access for third parties, require multi-factor authentication, validate device posture, and manage privileged accounts through centralized access controls.
Continuously monitor SaaS environments by logging API activity, reviewing tokens and OAuth grants, deploying SaaS security posture management (SSPM) tools, and alerting on abnormal access or bulk data exports.Minimize and segment vendor-accessible data by limiting the number of shared datasets, applying tokenization or pseudonymization, and enforcing field-level encryption where appropriate.Strengthen contractual and governance controls by requiring timely breach notification, validating security attestations such as SOC 2 Type II, maintaining right-to-audit clauses, and verifying vendor cyber insurance coverage.
Implement data loss prevention (DLP), cloud access security broker (CASB), and egress monitoring controls to detect and restrict unauthorized mass data extraction.Prepare for downstream phishing and fraud risks by enforcing DMARC, DKIM, and SPF, monitoring for brand impersonation, and raising fraud-detection thresholds.Regularly test incident response plans and build playbooks around third-party compromise scenarios.
The ManoMano incident highlights how third-party providers can create meaningful risk exposure, even when an organization’s primary systems are not directly compromised.As companies rely more heavily on interconnected SaaS platforms and service partners, vendors are increasingly attractive targets because of the volume of centralized customer data they manage.Editor’s note: This article originally appeared on our sister website, eSecurityPlanet.
Subscribe to the Cybersecurity Insider Newsletter Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.Delivered every Monday, Tuesday and Thursday Subscribe to the Cybersecurity Insider Newsletter Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.Delivered every Monday, Tuesday and Thursday
Read More
