A significant data breach at ManoMano, a leading European DIY and home improvement retailer, has potentially compromised the personal information of approximately 38 million individuals. The breach, which targeted a support portal, has raised considerable concern among customers and cybersecurity experts.
Details of the Data Breach
The cyber attack was carried out in January but only came to light this week, when ManoMano began notifying customers who might have been affected. According to the company, the hackers gained entry through a breach of a customer service subcontractor, which allowed them to access sensitive customer data.
The stolen data includes names, email addresses, phone numbers, and details of customer service interactions. The breach reportedly involved unauthorized access to ManoMano’s Zendesk platform, a tool used for managing customer support queries.
Claims by the Hacker
An individual or group operating under the pseudonym ‘Indra’ has claimed responsibility for the attack. They announced on the BreachForums platform that they had exfiltrated roughly 43GB of data, including information linked to 37.8 million user accounts, more than 900,000 service tickets and over 13,000 attachments.
The breach extends across all five European countries where ManoMano operates, namely France, Germany, Italy, Spain, and the UK. It is alleged that the data was accessed through a compromised customer support provider based in Tunisia.
Company’s Response and Security Implications
ManoMano, founded in France, is renowned for its expansive e-commerce platform that caters to DIY, gardening, and home improvement enthusiasts, attracting over 50 million visitors each month. The company has yet to release a detailed statement regarding the hacker’s claims but has been contacted by SecurityWeek for further comment.
This incident highlights the ongoing vulnerabilities in digital customer service platforms and the critical need for robust cybersecurity measures. As investigations continue, affected users are advised to monitor their accounts for any suspicious activity and update their security credentials.
With data breaches becoming increasingly common, businesses must prioritize the protection of customer data to maintain trust and prevent potential financial and reputational damage.
