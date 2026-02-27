ManoMano lost sensitive data on 37.8 million customers via third-party Zendesk breach

Exposed info includes names, emails, phone numbers, and support communications

Company disabled subcontractor access, notified authorities, and warned users about phishing risks

Popular DIY, home improvement, and gardening ecommerce site ManoMano has suffered a third-party cyberattack which saw it lose sensitive data on almost 38 million customers.

In January 2026, a threat actor alias “Indra” allegedly broke into a customer support service provider in Tunis, through a Zendesk account. From there, they proceeded to exfiltrate sensitive customer data, including people’s full names, email addresses, phone numbers, and customer service communications.

In a dark web forum post, published after the breach, Indra said 37.8 million people were affected.

Widespread issue

ManoMano confirmed the news to BleepingComputer, adding that no account passwords were accessed, and that the data on company servers was not tampered with. The company also said it was now notifying affected individuals about the incident.

“We can confirm that ManoMano has recently notified customers about a security incident involving one of our third-party customer service providers (a subcontractor),” the company said.

“Upon discovery, we took immediate steps to secure our environment, including disabling the relevant access, revoking the subcontractor’s access to customer data, and strengthening access controls and monitoring,” they added. “We also notified the relevant authorities, including the CNIL and ANSSI, and informed impacted customers with guidance to remain vigilant against phishing and social engineering attempts.”

ManoMano is a French marketplace that connects third-party sellers with consumers across six European countries. It operates both a consumer platform and a B2B arm, ManoManoPro, for professional tradespeople, and draws around 50 million unique visitors a month.

The company has warned its customers to be wary of incoming email messages and other communication.

