manomano.fr data breach

manomano.fr

What Happened

In January 2026, French e-commerce platform ManoMano (manomano.fr), specializing in DIY and home improvement products, suffered a data breach when threat actor “Indra” compromised a Tunis-based third-party customer support subcontractor via a Zendesk account, leading to the unauthorized exfiltration of approximately 37.8-38 million customer records totaling 43 GB. Exposed data included names, email addresses, phone numbers, over 935,000 customer service tickets, and 13,500 attachments, affecting users across Europe (France, Spain, Italy, Germany, UK), though passwords and ManoMano’s internal systems remained secure. The company detected the incident in January, promptly blocked the compromised account, revoked subcontractor access, enhanced controls, notified customers on February 25, and reported to French authorities CNIL and ANSSI, warning of phishing and social engineering risks from the detailed support logs.

Compromised Assets

  • email
  • full name
  • phone

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches