"ManoMano said it was informed that a customer service provider was hit by a cyberattack in January 2026 that led to 'the unauthorized download of personal data associated with your customer account.' The company said its investigation found that 'an illegal data extraction was carried out from the account of one of our subcontractor's agents.'"
"The exposed data includes first and last names, email addresses, phone numbers, and 'any potential exchanges you may have had with our customer service department.' ManoMano stressed that 'your password is not affected' and that customer data 'remains intact and has not been modified.'"
"The actor alleges access to 37.8 million user accounts totaling roughly 43 GB of data, along with 935,000 after-sales service tickets and more than 13,500 attachments. The claimed haul reportedly spans multiple European markets, including France, Spain, Italy, Germany, and the UK."
French online marketplace ManoMano notified customers of a data breach affecting a customer service subcontractor in January 2026. The unauthorized data extraction exposed first and last names, email addresses, phone numbers, and customer service interactions. ManoMano confirmed passwords and data integrity remained unaffected. The attack vector is suspected to be Zendesk, a widely-used support platform. However, a threat actor on BreachForums claiming responsibility alleges the breach is significantly larger than ManoMano's disclosure, claiming access to 37.8 million user accounts totaling 43 GB of data, including service tickets and attachments spanning France, Spain, Italy, Germany, and the UK.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]