ManoMano data breach: massive DIY chain incident impacts 38 million customers - here's what we know

• ManoMano lost sensitive data on 37.8 million customers via third-party Zendesk breach
• Exposed info includes names, emails, phone numbers, and support communications
• Company disabled subcontractor access, notified authorities, and warned users about phishing risks

Popular DIY, home improvement, and gardening ecommerce site ManoMano has suffered a third-party cyberattack which saw it lose sensitive data on almost 38 million customers.

In January 2026, a threat actor alias “Indra” allegedly broke into a customer support service provider in Tunis, through a Zendesk account. From there, they proceeded to exfiltrate sensitive customer data, including people’s full names, email addresses, phone numbers, and customer service communications.

In a dark web forum post, published after the breach, Indra said 37.8 million people were affected.