PARIS, FRANCE — A recent threat intelligence report logged a possible 37.8 million data breach involving ManoMano, a major European online market. This has drawn the attention of cybersecurity researchers, marketplace users, and even outsourcing providers.
According to the report, the threat actor identified as Indra extracted data from ManoMano’s customer support platform, Zendesk. This included after-sales service tickets, email addresses, and file attachments from several ManoMano regional marketplaces:
- France
- Italy
- Spain
- United Kingdom
The alleged data leak primarily involved support tickets, which may seem trivial, as they aren’t sensitive data like passwords or financial details. However, these can still be weaponized by leveraging concern details to create fraudulent emails.
At the moment, neither Zendesk nor ManoMano has confirmed the incident, but allegations don’t mean it should be ignored. Such data compromises expose customers and partners to:
- Targeted phishing attacks
- Business email compromise
- Fraud using support ticket information
- Reputational damage for ManoMano sellers
What This Incident Underscores
This incident underscores the importance of improving data security systems, not just for the customers’ sake but also for companies’ reputational integrity.
ManoMano isn’t the only victim of this breach. Its customer support platform, Zendesk, and its service provider in Tunisia, may also be under fire should the incident be confirmed. Questions about these entities’ data security protocols will increase, and such an incident will serve as a stark example of how a single slip-up can cause significant operational failure.
As support systems become increasingly targeted because they’re rich in vendor, user, and business information, this signals that companies should improve their data protection.
