Adobe Breach – Threat Actor Allegedly Claims Leak of 13 Million Support Tickets and Employee Records

Home Cyber Security Adobe Breach – Threat Actor Allegedly Claims Leak of 13 Million Support... A threat actor identified as “Mr. Raccoon” has allegedly breached Adobe, claiming to have exfiltrated a massive trove of sensitive data, including 13 million support tickets containing personal information, 15,000 employee records, all HackerOne bug bounty submissions, and a range of internal documents, according to a report published by International Cyber Digest. According to details shared by the threat actor, the intrusion did not begin directly within Adobe’s infrastructure. Instead, Mr. Raccoon allegedly gained initial access through an Indian Business Process Outsourcing (BPO) firm contracted by Adobe, a classic supply chain pivot that highlights growing risks in third-party vendor relationships. Attack Chain Via BPO The attacker reportedly deployed a Remote Access Tool (RAT) on a BPO employee’s machine via a malicious email. Once that foothold was established, Mr. Raccoon escalated access by phishing the compromised employee’s manager, broadening control within the network. The RAT deployment reportedly also gave the attacker webcam access on the targeted employee, along with the ability to intercept private communications through WhatsApp. Perhaps the most alarming disclosure came directly from Mr. Raccoon, who told International Cyber Digest: “They allowed you to export all tickets in one request from an agent.” This suggests a significant access control misconfiguration within Adobe’s support ticketing platform — one that allowed bulk data extraction without triggering adequate security controls or rate-limiting mechanisms. Directories open to access (Source:International Cyber Digest ) International Cyber Digest stated that its team reviewed multiple files confirming the breach’s scope. The alleged stolen dataset is particularly sensitive for several reasons. Support tickets typically contain customer names, email addresses, account details, and descriptions of technical issues, a goldmine for phishing campaigns and identity theft. The inclusion of HackerOne submissions is especially concerning, as these contain unpublished vulnerability reports that could be weaponized by other threat actors before patches are deployed. Adobe has yet to issue an official statement confirming or denying the breach. If verified, this incident would represent one of the more significant data exposures of 2026, raising urgent questions around third-party vendor security vetting, privileged access management in support environments, and the risks of overly permissive data export capabilities in enterprise ticketing systems. Security teams across industries are advised to monitor their own BPO and contractor access pathways, audit bulk data export permissions, and watch for any credential or vulnerability data from this alleged breach appearing on dark web forums. Note: This article is based on unverified claims reported by International Cyber Digest. Adobe has not officially confirmed the breach at the time of publication. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR ANY.RUN How Elite SOCs Cut Escalation Rates by Arming Tier 1 With Better Threat Intelligence Cyber Security News Hackers Clone CERT-UA Site to Trick Victims Into Installing Go-Based RAT Cyber Security News New Akira Lookalike Ransomware Campaign Targeting Windows Users in South America Top 10 10 Best VPN For Privacy In 2026 April 2, 2026 Top 20 Best Digital Forensic Tools in 2026 April 2, 2026 12 Best AWS Monitoring Tools in 2026 March 30, 2026 10 Best Spam Filter Tools 2026 March 30, 2026 10 Best Log Monitoring Tools in 2026 March 30, 2026