Estafette
Compose Login
You are browsing eu.zone1 in read-only mode. Log in to participate.
rss-bridge 2026-02-27T07:41:50+00:00

ManoMano data breach impacted 38 Million customer accounts

European DIY platform ManoMano suffered a data breach via a third-party provider, exposing personal data of 38 million customers. European DIY e-commerce platform ManoMano disclosed a major data breach affecting 38 million customers. Hackers accessed personal information by compromising a third-party service provider, prompting notifications and potential security measures for impacted users across multiple countries. […]

---

- Home

- Cyber Crime

- Cyber warfare

- APT

- Data Breach

- Deep Web

- Hacking

- Hacktivism

- Intelligence

- Artificial Intelligence

- Internet of Things

- Laws and regulations

- Malware

- Mobile

- Reports

- Security

- Social Networks

- Terrorism

- ICS-SCADA

- Crypto

- POLICIES

- Contact me

MUST READ

Canadian Tire 2025 data breach impacts 38 million users

Microsoft warns of RAT delivered through trojanized gaming utilities

Aeternum botnet hides commands in Polygon smart contracts

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Juniper issues emergency patch for critical PTX router RCE

How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently

12 Million exposed .env files reveal widespread security failures

ManoMano data breach impacted 38 Million customer accounts

Trend Micro fixes two critical flaws in Apex One

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

Untrusted repositories turn Claude code into an attack vector

ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

Lazarus APT group deployed Medusa Ransomware against Middle East target

SolarWinds patches four critical Serv-U flaws enabling root access

VMware Aria Operations flaws could enable remote attacks

- Home

- Cyber Crime

- Cyber warfare

- APT

- Data Breach

- Deep Web

- Hacking

- Hacktivism

- Intelligence

- Artificial Intelligence

- Internet of Things

- Laws and regulations

- Malware

- Mobile

- Reports

- Security

- Social Networks

- Terrorism

- ICS-SCADA

- Crypto

- POLICIES

- Contact me

- Home

- Breaking News

- Cyber Crime

- Data Breach

- Hacking

- ManoMano data breach impacted 38 Million customer accounts

ManoMano data breach impacted 38 Million customer accounts

Pierluigi Paganini
February 27, 2026

European DIY platform ManoMano suffered a data breach via a third-party provider, exposing personal data of 38 million customers.

European DIY e-commerce platform ManoMano disclosed a major data breach affecting 38 million customers. Hackers accessed personal information by compromising a third-party service provider, prompting notifications and potential security measures for impacted users across multiple countries.

ManoMano is a European e-commerce platform specializing in DIY, home improvement, gardening, and tools. Founded in 2013, it connects consumers with a wide range of products—from power tools and plumbing supplies to outdoor furniture and gardening equipment—offered by multiple sellers, including brands and independent retailers.

ManoMano confirmed to BleepingComputer that it discovered a security breach in January 2026 affecting 38 million customers. The incident involved a third-party service provider, whose unauthorized access led to the extraction of personal data linked to customer accounts and service interactions. The company has notified affected users and is investigating the scope of the compromise.

“In January 2026, we identified unauthorized access linked to this provider, which resulted in the unauthorized extraction of certain personal data associated with customer accounts and customer service interactions.” the company told BleepingComputer.

According to the data breach notification sent to the impacted customers, the exposed data includes: first name, last name, email address, telephone number, and your eventual interactions with our customer service.

The company pointed out that user passwords were not compromised.

Upon detecting the breach, the company immediately blocked the compromised account and revoked the subcontractor’s access. Enhanced data access controls were implemented internally and for all subcontractors. Authorities, including CNIL, ANSSI, and the Cyber Emergency Île-de-France platform, were informed to ensure proper oversight and response.

“As soon as the incident was identified, we immediately took all necessary measures to protect your data.

The analyses conducted by our cyber security teams allowed for the quick identification of the compromised account, which was blocked on the same day the incident was discovered. Subsequently, we revoked all of our subcontractor’s access to our customers’ data.” reads the data breach notification sent to the impacted users.

“We have also implemented reinforced controls on data access, both within our company and at our other subcontractors. Finally, we informed the CNIL (French National Commission for Information Technology and Civil Liberties), the ANSSI (French National Agency for the Security of Information Systems) and the Cyber Emergency Île-de-France platform.”

#ManoMano
Gentile Cliente,
siamo stati recentemente informati che uno dei nostri fornitori di servizi clienti (subappaltatore) è stato vittima di un attacco informatico nel gennaio 2026, che ha comportato un download non autorizzato di dati personali pic.twitter.com/UYvRxoPz3r

— JAMESWT (@JAMESWT_WT) February 12, 2026

In February, a threat actor using the alias “Indra” claimed responsibility for the data breach, allegedly holding data on 37.8 million users, including support tickets.

The investigation into the incident is still ongoing.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

---

---

Cybercrime
data breach
Hacking

you might also like

Pierluigi Paganini
March 01, 2026

Read more

Pierluigi Paganini
February 28, 2026

Canadian Tire 2025 data breach impacts 38 million users

Read more

up-to-date!

recent articles

Security / March 01, 2026

Canadian Tire 2025 data breach impacts 38 million users

Data Breach / February 28, 2026

Microsoft warns of RAT delivered through trojanized gaming utilities

Malware / February 28, 2026

Aeternum botnet hides commands in Polygon smart contracts

Mobile / February 27, 2026

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Security / February 27, 2026

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.

Manage consent

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT

---

[Original source](https://securityaffairs.com/188582/data-breach/manomano-data-breach-impacted-38-million-customer-accounts.html)

Reply