An unattributed threat actor claims to have exfiltrated approximately 38 million ManoMano customer records via the company’s Zendesk support instance; ManoMano has not confirmed the breach and the record count is unverified. The likely attack vector is compromised credentials or misconfigured Zendesk access (T1078, T1213, T1530) rather than a Zendesk platform vulnerability — no CVE is assigned. Organizations using Zendesk or similar SaaS support platforms should immediately audit admin account access, API token inventory, and bulk export activity, and enforce MFA on all Zendesk accounts as a baseline control.