38 Million Customer Accounts Exposed in ManoMano Data Breach
In a significant cybersecurity incident, European DIY platform ManoMano disclosed a major data breach affecting 38 million customers. The breach was caused by a third-party service provider being compromised, leading to the unauthorized extraction of personal data linked to customer accounts and service interactions.
The company, which specializes in DIY, home improvement, gardening, and tools, confirmed the security breach in January 2026. ManoMano stated that it discovered unauthorized access linked to this provider, resulting in the unauthorized extraction of certain personal data associated with customer accounts and customer service interactions. The exposed data includes first name, last name, email address, telephone number, and eventual interactions with customer service. Fortunately, user passwords were not compromised.
Upon detecting the breach, ManoMano immediately blocked the compromised account and revoked the subcontractor's access. Enhanced data access controls were implemented internally and for all subcontractors. Authorities, including CNIL, ANSSI, and the Cyber Emergency Île-de-France platform, were informed to ensure proper oversight and response.
The company emphasized that it took all necessary measures to protect customer data as soon as the incident was identified. The analyses conducted by cybersecurity teams allowed for the quick identification of the compromised account, which was blocked on the same day the incident was discovered. Subsequently, ManoMano revoked all subcontractor's access to customer data.
Furthermore, ManoMano implemented reinforced controls on data access, both within its company and at other subcontractors. The company also informed the CNIL (French National Commission for Information Technology and Civil Liberties), the ANSSI (French National Agency for the Security of Information Systems), and the Cyber Emergency Île-de-France platform.
In February, a threat actor using the alias "Indra" claimed responsibility for the data breach, allegedly holding data on 37.8 million users, including support tickets. The investigation into the incident is still ongoing.
The ManoMano data breach serves as a reminder of the importance of robust cybersecurity measures and regular vulnerability assessments. It highlights the need for companies to prioritize data protection and implement effective incident response strategies.
Cybersecurity experts recommend that individuals take steps to protect themselves from potential data breaches, such as:
* Using strong passwords and two-factor authentication * Keeping software and operating systems up-to-date with the latest security patches * Regularly monitoring account activity and reporting suspicious transactions * Educating themselves on data protection best practices
By taking these precautions, individuals can reduce their risk of becoming a victim of a data breach like the one experienced by ManoMano.
In conclusion, the 38 million customer accounts exposed in the ManoMano data breach are a wake-up call for companies and individuals alike. It underscores the need for robust cybersecurity measures and regular vulnerability assessments to prevent such incidents from occurring in the future.