Adobe Breach - Threat Actor Allegedly Claims Leak of 13 Million Support Tickets and Employee Records - CyberSecurityNews

HomeCyber Security Adobe Breach – Threat Actor Allegedly Claims Leak of 13 Million Support Tickets and Employee Records By Guru Baran April 3, 2026 A threat actor identified as “Mr. Raccoon” has allegedly breached Adobe, claiming to have exfiltrated a massive trove of sensitive data, including 13 million support tickets containing personal information, 15,000 employee records, all HackerOne bug bounty submissions, and a range of internal documents, according to a report published by International Cyber Digest. According to details shared by the threat actor, the intrusion did not begin directly within Adobe’s infrastructure. Instead, Mr. Raccoon allegedly gained initial access through an Indian Business Process Outsourcing (BPO) firm contracted by Adobe, a classic supply chain pivot that highlights growing risks in third-party vendor relationships. Attack Chain Via BPO The attacker reportedly deployed a Remote Access Tool (RAT) on a BPO employee’s machine via a malicious email. Once that foothold was established, Mr. Raccoon escalated access by phishing the compromised employee’s manager, broadening control within the network. The RAT deployment reportedly also gave the attacker webcam access on the targeted employee, along with the ability to intercept private communications through WhatsApp. Perhaps the most alarming disclosure came directly from Mr. Raccoon, who told International Cyber Digest: “They allowed you to export all tickets in one request from an agent.” This suggests a significant access control misconfiguration within Adobe’s support ticketing platform — one that allowed bulk data extraction without triggering adequate security controls or rate-limiting mechanisms. Directories open to access (Source:International Cyber Digest ) International Cyber Digest stated that its team reviewed multiple files confirming the breach’s scope. The alleged stolen dataset is particularly sensitive for several reasons. Support tickets typically contain customer names, email addresses, account details, and descriptions of technical issues, a goldmine for phishing campaigns and identity theft. The inclusion of HackerOne submissions is especially concerning, as these contain unpublished vulnerability reports that could be weaponized by other threat actors before patches are deployed. Adobe has yet to issue an official statement confirming or denying the breach. If verified, this incident would represent one of the more significant data exposures of 2026, raising urgent questions around third-party vendor security vetting, privileged access management in support environments, and the risks of overly permissive data export capabilities in enterprise ticketing systems. Security teams across industries are advised to monitor their own BPO and contractor access pathways, audit bulk data export permissions, and watch for any credential or vulnerability data from this alleged breach appearing on dark web forums. Note: This article is based on unverified claims reported by International Cyber Digest. Adobe has not officially confirmed the breach at the time of publication. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. Tags cyber security cyber security news data breach Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News SLOTAGENT Malware Uses API Hashing and Encrypted Strings to Hinder Reverse Engineering Linux Kernel 0-Day “Copy Fail” Roots Every Major Distribution Since 2017 Vimeo Confirms Data Breach – Hackers Accessed Users Database Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks Qilin Ransomware Enumerates RDP Authentication History on a Compromised Server Latest News Cyber Security News CISA Warns of Linux Kernel 0-Day Vulnerability Exploited in Attacks Apache Apache MINA Vulnerabilities Enables Remote Code Execution Attacks Cyber Security News CISA Warns of cPanel & WHM Vulnerability Exploited in Attacks Cyber Security News Critical MOVEit Vulnerabilities Enables Authentication Bypass Cyber Security News Threat Actors Use AI to Automate 0-Day Discovery and Exploitation at Machine Speed