An alleged breach at Adobe may have exposed millions of support records and internal data through a third party vendor, though the company has not confirmed the incident.
Quick Summary – TLDR:
- A threat actor named Mr. Raccoon claims to have accessed 13 million Adobe support tickets.
- The alleged breach reportedly occurred via a third party BPO vendor in India.
- Data may include customer details, employee records, and HackerOne submissions.
- Adobe has not confirmed the breach, and verification is still pending.
What Happened?
Reports from cybersecurity researchers suggest that a hacker may have gained access to Adobe data through a compromised third party support system. The claims are based on direct communication with the threat actor and supporting evidence that is still being verified.
The alleged breach appears limited to Adobe’s helpdesk environment rather than its core infrastructure, but the scale of the claimed data exposure has raised serious concerns.
🚨‼️ BREAKING: Adobe has been breached by threat actor Mr. Raccoon, leaking 13 million support tickets with personal data, 15,000 employee records, all HackerOne submissions, internal documents and more.
— International Cyber Digest (@IntCyberDigest) April 2, 2026
Mr. Raccoon gained access through an Indian BPO, first deploying a remote… pic.twitter.com/cCH74Fjluk
Alleged Entry Point Through Third Party Vendor
According to details shared by the threat actor and reviewed by cybersecurity analysts, the attack did not begin inside Adobe’s own systems. Instead, it reportedly started with an Indian Business Process Outsourcing provider that handled support operations.
The attacker is said to have:
- Sent a malicious email to a BPO employee.
- Installed a remote access tool on the compromised system.
- Used phishing tactics to target the employee’s manager.
- Expanded access deeper into the support environment.
This method reflects a growing trend where attackers exploit supply chain weaknesses rather than targeting large companies directly.
Scale and Nature of the Alleged Data Leak
The threat actor claims to have extracted a massive dataset that includes:
- 13 million support tickets.
- Around 15,000 employee records.
- All HackerOne bug bounty submissions.
- Internal documents and communications.
Support tickets often contain customer names, email addresses, billing issues, and product usage details. Such information can be highly valuable for phishing campaigns and identity theft.
The inclusion of HackerOne submissions is particularly concerning because these reports may reveal unpatched vulnerabilities, potentially giving other attackers a roadmap to exploit systems.
Possible Access Control Weakness
One of the most alarming claims made by the attacker points to a potential flaw in Adobe’s support system design.
The attacker reportedly stated that support agents were able to export all tickets in a single request. If true, this suggests:
- Weak access control policies.
- Lack of rate limiting.
- Insufficient monitoring for bulk data extraction.
Security experts note that such misconfigurations can significantly amplify the impact of a breach.
Evidence and Verification Status
So far, the claims have not been officially confirmed by Adobe. The primary source of the information is a cybersecurity focused account that says it reviewed samples of the leaked data.
Some supporting evidence reportedly includes:
- Screenshots of internal file storage systems.
- Access to customer experience related documents.
- Webcam captures from a compromised employee device.
Independent researchers have said the breach appears plausible, but stress that verification is still ongoing. Early assessments also suggest that the intrusion may have been limited to the helpdesk system, not Adobe’s full internal network.
Risks for Customers and Employees
If the claims are accurate, the exposed data could be used for highly targeted phishing attacks.
- Customers may receive convincing emails related to support tickets or billing issues.
- Employees could face internal phishing or social engineering attacks.
- Sensitive vulnerability data could be misused by other threat actors.
Security researchers are advising users who recently interacted with Adobe support to remain cautious about unsolicited communications.
Broader Industry Implications
This incident highlights a larger issue facing many organizations in 2026, which is the growing risk from third party vendors and outsourced operations.
Even when a company’s core systems are secure, weaker controls in partner networks can become an entry point for attackers. It also underscores the importance of:
- Strict vendor access controls.
- Continuous security monitoring.
- Limiting bulk data access permissions.
SQ Magazine’s Takeaway
I think this situation is a clear reminder that security is only as strong as the weakest link, and in many cases, that link is not the company itself but its vendors. If these claims turn out to be true, this is not just a breach story, it is a wake up call for how casually some systems handle massive amounts of sensitive data. The idea that millions of support tickets could be exported in one go is deeply concerning.