ManoMano recently informed its user base of a significant data breach stemming from a security compromise at an external service provider. The incident was first detected in early 2026 and is estimated to have exposed the personal information of approximately 38 million individuals.

The French e-commerce company, which focuses on home improvement and gardening supplies across Europe, officially confirmed the breach after identifying unauthorized access through a third-party subcontractor. This subcontractor was responsible for managing customer service interactions, and the breach allowed hackers to extract data tied to both user accounts and support history. The company initially discovered the intrusion in January 2026 and has since launched an investigation to determine the full scope of the vulnerability.

The scale of the incident is particularly notable given ManoMano's massive digital footprint, which includes roughly 50 million unique monthly visitors across its various regional storefronts. Because the platform serves a wide international audience in countries like the United Kingdom, Germany, and Italy, the leaked data likely affects a diverse range of European consumers. The company has spent the weeks following the discovery analyzing which specific datasets were accessed before beginning the formal notification process for those impacted.

Public attention was drawn to the situation when a threat actor using the pseudonym Indra claimed responsibility on a known hacking forum. The hacker asserted that they had obtained records for nearly 38 million accounts, along with thousands of confidential support tickets and file attachments. These claims aligned closely with the figures later confirmed by the company, suggesting that the breach involved a deep dive into the marketplace's customer service archives.

Industry reports suggest the point of failure may have been a Tunisia-based customer support firm that experienced a security lapse involving its Zendesk platform. While ManoMano has not officially named the specific subcontractor or the software involved, cybersecurity researchers have been tracking the leak since it first appeared online. The nature of the stolen data, which includes support tickets, implies that both static account details and more conversational, personal information shared during help requests may have been compromised.

Formal notifications began reaching customers this week as the company works to mitigate the fallout from the event. Cybersecurity experts have noted that the breach highlights the ongoing risks associated with third-party supply chains, where the security of a primary company is only as strong as its least secure partner. Impacted users are being advised to remain vigilant against phishing attempts and other forms of identity fraud that often follow such large-scale data exposures.

Source: European DIY Chain ManoMano Data Breach Exposes Info Of 38 Million Customers