Roughly 38 million people were likely impacted by a data breach at European DIY store chain ManoMano after hackers compromised a support portal.
The attack occurred in January and was disclosed this week, when ManoMano started notifying the potentially affected customers of the incident.
According to the company’s notification, copies of which were shared on X, the data was stolen after a customer service subcontractor was compromised.
The hackers stole customers’ names, email addresses, and phone numbers, along with customer service exchanges.
While ManoMano has not shared details on the hacked platform, it appears that the hackers accessed its Zendesk instance, used by the company for customer support.
A threat actor using the name of ‘Indra’ claimed the attack on the underground hacking portal BreachForums, saying they stole roughly 43GB of data from the company.
The data, the threat actor claims, includes information associated with 37.8 million ManoMano user accounts, over 900,000 service tickets, and over 13,000 attachments.
The stolen data allegedly pertains to ManoMano users across all five European countries where it operates, namely France, Germany, Italy, Spain, and the United Kingdom.
The hacker allegedly accessed the company’s data after compromising a customer support service provider in Tunisia.
SecurityWeek has emailed ManoMano for a statement on the attacker’s claims and will update this article if the company responds.
A French company, ManoMano owns a popular DIY, gardening, and home improvement ecommerce website that has over 50 million visitors per month.
Related: CarGurus Data Breach Impacts Over 12 Million Users
Related: Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
Related: US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
Related: PayPal Data Breach Led to Fraudulent Transactions
