Adobe Data Breach Exposes 13 Million Customer Support Records
Key Takeaways Threat actor “Mr. Raccoon” claims to have breached Adobe, exfiltrating 13 million customer support records and other sensitive data. The initial breach reportedly occurred...
Key Takeaways
- Threat actor “Mr. Raccoon” claims to have breached Adobe, exfiltrating 13 million customer support records and other sensitive data.
- The initial breach reportedly occurred through an Indian Business Process Outsourcing (BPO) firm contracted by Adobe, highlighting supply chain vulnerabilities.
- Stolen data includes customer personal information, employee records, and confidential HackerOne bug bounty submissions.
- The attacker suggests a critical access control misconfiguration within Adobe’s support ticketing platform enabled bulk data export.
A threat actor known as “Mr. Raccoon” has publicly claimed responsibility for a significant data breach targeting Adobe, asserting the exfiltration of a vast quantity of sensitive information. The alleged cache reportedly encompasses 13 million customer support tickets replete with personal data, 15,000 employee records, all submissions to Adobe’s HackerOne bug bounty program, and various internal corporate documents. These claims were first detailed by International Cyber Digest on April 3, 2026.
Table Of Content
According to the threat actor’s account, the intrusion did not originate directly within Adobe’s core infrastructure. Instead, Mr. Raccoon purportedly gained initial access via an Indian Business Process Outsourcing (BPO) firm that serves as an Adobe contractor. This method of entry underscores a prevalent supply chain vulnerability, where third-party vendor relationships can introduce significant security risks.
Attack Chain Via BPO
The attacker reportedly initiated the compromise by deploying a Remote Access Tool (RAT) onto a BPO employee’s workstation through a malicious email. Following this initial foothold, Mr. Raccoon allegedly escalated privileges by successfully phishing the compromised employee’s manager, thereby expanding control within the BPO network.
Beyond network access, the RAT deployment reportedly also granted the attacker control over the targeted employee’s webcam and the capability to intercept private communications conducted through WhatsApp.
One of the most concerning revelations came directly from Mr. Raccoon, who reportedly told International Cyber Digest, “They allowed you to export all tickets in one request from an agent.” This statement points to a severe access control misconfiguration within Adobe’s support ticketing platform, implying that the system permitted large-scale data extraction without adequate security checks or rate-limiting mechanisms.
International Cyber Digest stated that its team reviewed multiple files, which corroborated the extensive scope of the alleged breach. The purported dataset is particularly sensitive due to its composition.
Customer support tickets typically contain critical personal information such as names, email addresses, account specifics, and detailed descriptions of technical issues. Such information is invaluable for sophisticated phishing campaigns and identity theft.
The inclusion of submissions from Adobe’s HackerOne bug bounty program is especially alarming. These reports often detail unpublished vulnerabilities, which, if exposed, could be weaponized by other malicious actors before Adobe has a chance to develop and deploy patches.
As of this report, Adobe has not released an official statement to confirm or deny the alleged breach. Should these claims be verified, this incident would rank among the more substantial data exposures of 2026, prompting critical questions regarding the vetting of third-party vendors, the management of privileged access in customer support environments, and the inherent risks associated with overly permissive data export functionalities in enterprise ticketing systems.
What You Should Do
- For Organizations:
- Immediately audit all third-party vendor access, particularly BPO firms, to ensure robust security controls and least-privilege principles are enforced.
- Review and restrict bulk data export permissions within all customer support and ticketing systems.
- Implement enhanced monitoring for unusual data access patterns or large data transfers from internal systems.
- Educate employees, especially those with privileged access, on advanced phishing tactics and RAT deployment vectors.
- For Adobe Customers:
- Remain vigilant for suspicious emails, messages, or phone calls that claim to be from Adobe or related services.
- Be cautious of any communications requesting personal information, login credentials, or financial details.
- Consider enabling multi-factor authentication (MFA) on all Adobe accounts and other critical online services.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.