MANOMANO disclosed a data breach affecting 38 million customers, linked to a third-party service provider. According to BleepingComputer, the incident involved unauthorized access in January 2026 that led to the extraction of personal data associated with customer accounts and service interactions, though user passwords were not compromised.
The company says it notified affected users and implemented reinforced data access controls, blocking the compromised account on discovery and revoking the subcontractor’s access to customer data. Authorities including CNIL, ANSSI and the Cyber Emergency Île-de-France platform were informed to ensure oversight and response. In February, a threat actor using the alias “Indra” claimed responsibility for the breach, alleging data on 37.8 million users and including support tickets.