Third-party breach, 38M impacted, European e-commerce sector.
ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
Authorities notified: CNIL, ANSSI.
Passwords not reportedly accessed.
Subcontractor access revoked.

Key risk vectors:
– SaaS support platforms
– Vendor access governance
– Over-retention of ticketing data
– Centralized customer communication logs
– Supply chain attack surface expansion

This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

How mature is your third-party risk telemetry?
Engage below.

Source: https://www.bleepingcomputer.com/news/security/european-dyi-chain-manomano-data-breach-impacts-38-million-customers/

Follow @technadu for high-signal infosec reporting.

Repost to amplify awareness across the security community.

#Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

Coupang confirms a data breach exposing customer information — e-commerce speed means nothing without security at scale. Trust must ship with every order. 📦🔓 #EcommerceSecurity #DataProtection

https://www.theregister.com/2025/12/01/coupang_breach/

Peak shopping season is almost here 🎯, and for many online stores, the real challenge isn’t scale, it’s security.

ScaleCommerce, a leading e-commerce hosting provider in Germany, once saw clients hit with 3 million requests in an hour, driving up costs and risking downtime.

After integrating CrowdSec, they were able to block 95% of malicious bot traffic, cut infrastructure spend, and keep sites fast during peak demand ⚡️.

As the year’s biggest shopping weekend approaches, make sure your traffic surge comes from real customers, not attacks.

Read the full story: https://www.crowdsec.net/blog/scalecommerce-plummets-ops-costs-and-skyrockets-efficiency

#cybersecurity #ecommercesecurity #blackfriday2025 #botprotection

A dangerous flaw in Adobe Commerce lets hackers hijack customer sessions with zero effort—and 60% of Magento stores are still unpatched. Is your business vulnerable?

https://thedefendopsdiaries.com/understanding-and-responding-to-the-sessionreaper-vulnerability-in-adobe-commerce/

#sessionreaper
#adobecommerce
#magento
#cve202554236
#ecommercesecurity

🚨 Critical Magento & Adobe Commerce Flaw (CVE-2025-54236 – SessionReaper) 🚨

Impact: Customer account takeover + unauthenticated remote code execution (CVSS 9.1 Critical).

👉 Full details and action steps: https://hostvix.com/sessionreaper-critical-magento-adobe-commerce-vulnerability-cve-2025-54236/

#Magento #AdobeCommerce #SessionReaper #CVE202554236 #CVE #Infosec #CyberSecurity #AppSec #WebSecurity #SecOps #BlueTeam #RedTeam #ThreatIntel #Vulnerability #PatchNow #ZeroDay #Exploit #EcommerceSecurity #DataSecurity #SecurityUpdate

🛍️ Online shopping scams are on the rise—watch for fake sites, too-good-to-be-true deals, and suspicious payment methods. Stay smart, shop safe.
#OnlineFraud #EcommerceSecurity 🕵️‍♂️💳

https://www.helpnetsecurity.com/2025/07/10/tips-online-shopping-scams/