ManoMano is notifying customers after hackers compromised a third-party customer service provider in January 2026, exposing personal data tied to 38 million individuals.
KEY FACTS
- Incident Compromise of a subcontracted customer service provider
- Affected 38 million individuals
- Data exposed Names, email addresses, phone numbers, and customer service communications
- Passwords No account passwords accessed
- Actions Subcontractor access revoked and controls strengthened
ManoMano learned of the incident in January 2026 and an internal investigation determined that personal data associated with customer accounts and customer service interactions was extracted.
A social media post by Hackmanac reported that ManoMano started notifying customers this week.
Exposed information varies by individual depending on the type of interaction with the platform and includes full name, email address, phone number, and customer service communications. The company notes no data modifications occurred on its systems.
Upon discovery, ManoMano disabled the relevant access, revoked the subcontractor’s access to customer data, strengthened access controls and monitoring, and notified the CNIL and ANSSI. Impacted customers received guidance to monitor accounts and beware of phishing and social engineering attempts.
WHY IT MATTERS
The exposure of contact details and service communications increases the risk of phishing and identity misuse for millions of customers. The investigation is ongoing and additional technical details have not been released.