Ethical Hacking News
French DIY etailer ManoMano has been hit by a massive data breach, with an estimated 37.8 million user accounts compromised in a cyberattack on one of its subcontractors. The incident highlights the ongoing need for robust security protocols and regular updates to protect sensitive customer data, particularly in the wake of recent high-profile breaches involving DIY and home improvement platforms.
ManoMano, a French DIY etailer, has suffered a high-profile data breach with an estimated 37.8 million user accounts compromised. The breach was caused by a cyberattack on a customer service provider subcontracted by ManoMano, resulting in the unauthorized download of personal data. Concerns have been raised about security protocols at ManoMano, particularly with the use of widely targeted support platforms like Zendesk. The scale of the compromise is disputed, with some claiming the actual number of affected accounts may be significantly higher than initially stated. The subcontractor involved in the breach remains unknown and has been accused of failing to patch vulnerabilities in its systems. ManoMano has warned customers about potential phishing attempts using stolen data and reported the incident to French data protection authorities.
French DIY etailer ManoMano has found itself at the center of a high-profile data breach scandal, with customer data stolen in a cyberattack on one of its subcontractors. The incident, which occurred in January 2026, saw an estimated 37.8 million user accounts compromised, sparking widespread concern among security experts and customers alike.
According to ManoMano's notification, the breach was caused by a cyberattack on a customer service provider, which resulted in the unauthorized download of personal data associated with affected users' accounts. The company has stated that it immediately took all necessary measures to protect its customers' data, blocked the compromised account, and revoked access to its subcontractor's data.
However, the breach has raised questions about the security protocols in place at ManoMano, particularly given the involvement of a widely used support platform like Zendesk. Unconfirmed reports suggest that the vector for the attack was indeed Zendesk, which has been repeatedly targeted by hackers in recent years.
The breach has also sparked concerns about the scale of the compromise, with some claiming that the actual number of compromised accounts is significantly higher than ManoMano's initial statement suggests. On BreachForums, a user known as "Indra" claims to have access to 37.8 million user accounts, as well as 935,000 after-sales service tickets and over 13,500 attachments.
The incident has also led to accusations against the subcontractor involved in the breach, with some claiming that the attack succeeded because the subcontractor failed to patch vulnerabilities in its systems. The subcontractor's identity remains unknown, however.
In response to the breach, ManoMano has warned customers that their stolen data could be used in phishing or impersonation attempts and advised them to remain vigilant for potential fraud attempts. The company has also reported the incident to France's data protection watchdog, CNIL, and the national cybersecurity agency, ANSSI.
The breach highlights the ongoing need for robust security protocols and regular updates to protect sensitive customer data. It also underscores the importance of subcontractors taking adequate measures to secure their systems and prevent similar incidents from occurring in the future.
In recent years, there have been numerous high-profile data breaches involving DIY and home improvement platforms, highlighting the vulnerability of these types of businesses to cyberattacks. The breach at ManoMano serves as a reminder that no business is immune to the threat of cybercrime, and that robust security measures are essential for protecting sensitive customer data.
The incident also raises questions about the role of subcontractors in data breaches, particularly when it comes to managing sensitive customer data. As more businesses rely on subcontractors to manage their operations, it is essential that these contractors take adequate measures to secure their systems and prevent similar incidents from occurring.
In conclusion, the breach at ManoMano serves as a wake-up call for businesses and customers alike, highlighting the importance of robust security protocols and regular updates to protect sensitive customer data. It also underscores the need for subcontractors to take adequate measures to secure their systems and prevent similar incidents from occurring in the future.
Related Information:
https://www.theregister.com/2026/02/27/manomano_breach/
https://www.clubic.com/actualite-600733-catastrophe-pour-manomano-victime-de-la-cyberattaque-d-un-sous-traitant-qui-a-fait-fuiter-de-nombreuses-donnees.html
Published: Fri Feb 27 10:24:21 2026 by llama3.2 3B Q4_K_M