ManoMano data breach: massive DIY chain incident impacts 38 million customers - here's what we know

News
By published

French ecommerce site suffers third-party breach

Shopping Cart
(Image credit: athree23 / Pixabay)
  • ManoMano lost sensitive data on 37.8 million customers via third-party Zendesk breach
  • Exposed info includes names, emails, phone numbers, and support communications
  • Company disabled subcontractor access, notified authorities, and warned users about phishing risks

Popular DIY, home improvement, and gardening ecommerce site ManoMano has suffered a third-party cyberattack which saw it lose sensitive data on almost 38 million customers.

In January 2026, a threat actor alias “Indra” allegedly broke into a customer support service provider in Tunis, through a Zendesk account. From there, they proceeded to exfiltrate sensitive customer data, including people’s full names, email addresses, phone numbers, and customer service communications.

In a dark web forum post, published after the breach, Indra said 37.8 million people were affected.

Widespread issue

ManoMano confirmed the news to BleepingComputer, adding that no account passwords were accessed, and that the data on company servers was not tampered with. The company also said it was now notifying affected individuals about the incident.

“We can confirm that ManoMano has recently notified customers about a security incident involving one of our third-party customer service providers (a subcontractor),” the company said.

“Upon discovery, we took immediate steps to secure our environment, including disabling the relevant access, revoking the subcontractor’s access to customer data, and strengthening access controls and monitoring,” they added. “We also notified the relevant authorities, including the CNIL and ANSSI, and informed impacted customers with guidance to remain vigilant against phishing and social engineering attempts.”

ManoMano is a French marketplace that connects third-party sellers with consumers across six European countries. It operates both a consumer platform and a B2B arm, ManoManoPro, for professional tradespeople, and draws around 50 million unique visitors a month.

The company has warned its customers to be wary of incoming email messages and other communication.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.