Overview: ManoMano Data Breach

Key Facts: ManoMano Data Breach

• Date reported: February 25, 2026.
• Unauthorized access identified: January 2026.
• Target entity: ManoMano (manomano.com).
• Source of breach: Compromise of a Tunis-based third-party customer support provider.
• Data types: Customer names, email addresses, phone numbers, and 935,000+ customer service tickets.
• Status: Confirmed; high-severity incident involving the exfiltration of 43GB of data.
• Severity: High; impacts approximately 38 million customers across Europe.

Start continuous breach monitoring with UpGuard.

What happened in the ManoMano data breach?

ManoMano (manomano.com) reported a high-severity security incident on February 25, 2026, which involved the threat actor known as Indra. The breach originated from a compromise of a third-party service provider based in Tunis, which managed the company's customer support operations. ManoMano first became aware of the unauthorized activity in January 2026.

The incident involved unauthorized access to a Zendesk instance, resulting in the theft of 43 gigabytes of data. This included the personal details of roughly 38 million customers, as well as nearly one million customer service communications and 13,000 file attachments. While ManoMano confirmed that internal systems and account passwords were not accessed, the exposure of detailed support logs significantly raises the risk of sophisticated social engineering attacks.

Who is behind the incident?

The threat actor Indra has been identified as the group responsible for the security attack. Indra typically employs sophisticated methods to identify and exploit vulnerabilities within third-party vendors—in this case, a customer service subcontractor—to gain entry into larger corporate datasets. Their involvement suggests a calculated campaign focused on high-volume data extraction from the European retail and DIY sectors. By targeting the support portal rather than the main site, the actor bypassed traditional perimeter defenses to harvest deeply contextual personal data.

Impact and risks for ManoMano customers

For the 38 million affected customers in France, Germany, Italy, Spain, and the UK, the exposure of names, emails, and phone numbers presents significant risks. However, the unique danger of this breach lies in the exposure of customer service logs. Attackers can now craft "contextual phishing" lures that reference specific past orders, delivery issues, or refund requests found in the stolen tickets.

Standard outcomes for such breaches include a surge in targeted SMS (smishing) and email phishing. To mitigate these risks, users should remain extremely vigilant against any "support" calls or emails that reference previous interactions with ManoMano. Transparent reporting by the vendor is a critical step in allowing users to secure their digital identities against these highly personalized threats.

Frequently Asked Questions

What happened in the ManoMano security breach?

Indra claimed responsibility for a security attack on a third-party subcontractor used by ManoMano. The incident, reported on February 25, 2026, resulted in the theft of 43GB of customer support data and personal identifiers.

When did the ManoMano breach occur?

The breach was publicly reported on February 25, 2026. However, the unauthorized access was first identified by ManoMano in January 2026, after the threat actor Indra successfully breached a third-party Zendesk portal.

What data was exposed?

The exposed data includes names, email addresses, and phone numbers for 38 million users. Additionally, over 935,000 support tickets and 13,000 attachments (which may contain photos or documents sent to support) were exfiltrated.

Is my personal information at risk?

If you have ever contacted ManoMano customer support, your information is at high risk. While passwords remain secure, the details of your past orders and conversations are now in the hands of threat actors, which could be used for targeted fraud.

How can I protect myself after this data breach?

• If you are a ManoMano customer, be prepared for extremely convincing scams. A scammer might call you and say, "I'm following up on ticket #935123 regarding your Bosch Power Drill," in an attempt to steal your payment details.
• Ensure multi-factor authentication is active on your ManoMano and email accounts.
• Block any suspicious texts regarding "delivery failures" or "refunds."

What steps should companies take after being impacted by this breach?

ManoMano has worked to isolate the compromised third-party portal and has notified the relevant European data protection authorities. Moving forward, the company is expected to implement stricter audit requirements for subcontractors and enhance its supply chain attack surface management.