Cyber: European Dyi Chain Manomano Data Breach Impacts 38 Million Customers

DIY store chain ManoMano is notifying customers of a data breach that was caused by hackers compromising a third-party service provider.

The company confirmed to BleepingComputer that it learned of the hack in January 2026. An investigation into the incident determined that 38 million individuals are affected.

“We can confirm that ManoMano has recently notified customers about a security incident involving one of our third-party customer service providers (a subcontractor),” the company told BleepingComputer.

“In January 2026, we identified unauthorized access linked to this provider, which resulted in the unauthorized extraction of certain personal data associated with customer accounts and customer service interactions.”

ManoMano is a French e-commerce firm operating an online marketplace specializing in DIY, home improvement, gardening, and related products. It operates in France, Belgium, Spain, Italy, Germany, and the United Kingdom, and its e-stores reportedly have 50 million unique visitors per month.

Earlier this month, someone using the alias “Indra” claimed the ManoMano attack on a hacker forum, alleging that they were holding details on 37.8 million user accounts, as well as thousands of support tickets and attachments.

According to unconfirmed reports, the compromised organization was a Tunis-based customer support service provider that suffered a Zendesk breach.

Cybersecurity firm Hackmanac posted that ManoMano started notifying customers this week that their data had been stolen.

A spokesperson of ManoMano explained to BleepingComputer that the exposed information varies per individual, depending on the type of interactions they had with the platform. Exposed data types include:

ManoMano emphasizes that no account passwords were accessed and that no data modifications occurred on the company’s systems.

Source: BleepingComputer