ManoMano has warned that a January 2026 compromise of a third-party customer service provider led to unauthorized extraction of personal data for roughly 38 million individuals. The company says its own systems and passwords were not accessed, has revoked the subcontractor’s access, notified authorities, and urged customers to watch for phishing and monitor accounts. #ManoMano #Zendesk
Keypoints
- A third-party customer service provider was compromised, impacting about 38 million individuals.
- Exposed data varies by user and can include full names, email addresses, phone numbers, and customer service communications.
- An attacker using the alias “Indra” claimed to hold 37.8 million user accounts plus support tickets and attachments.
- ManoMano states no account passwords or changes to its systems were observed.
- The company revoked the subcontractor’s access, notified CNIL and ANSSI, and advised customers to verify communications and monitor accounts.