Adobe and Indian Business Process Outsourcing: Adobe Breach – Threat Actor Allegedly Claims Leak of 13 Million Support Tickets and Employee Records

Adobe Allegedly Breached by "Mr. Raccoon" via Third-Party BPO Firm

A threat actor known as Mr. Raccoon has claimed responsibility for a major breach of Adobe, reportedly exfiltrating a vast trove of sensitive data. According to a report by International Cyber Digest, the stolen material includes:

  • 13 million support tickets containing customer personal information (names, emails, account details)
  • 15,000 employee records
  • All HackerOne bug bounty submissions, which could expose unpublished vulnerabilities
  • Internal documents

The attack did not originate within Adobe’s systems but instead exploited a supply chain vulnerability via a third-party Indian Business Process Outsourcing (BPO) firm contracted by Adobe. Mr. Raccoon allegedly gained initial access by deploying a Remote Access Tool (RAT) via a malicious email to a BPO employee. The attacker then escalated privileges by phishing the employee’s manager, expanding control within the network.

The RAT also reportedly enabled webcam access and WhatsApp message interception on the compromised machine. A critical security flaw in Adobe’s support ticketing platform allowed bulk data extraction without proper rate-limiting or access controls, as noted by the threat actor: “They allowed you to export all tickets in one request from an agent.”
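The following added example, which is not code from Adobe, the BPO firm, or the report, shows one way a ticketing backend could enforce the controls the threat actor said were missing: queue-level access control, a per-request row cap, and a per-agent sliding-window quota so that paging in small requests is bounded too. The class name, limits, agent IDs and queue names are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Assumed policy values; tune them to real support workflows.
MAX_ROWS_PER_REQUEST = 500
MAX_ROWS_PER_WINDOW = 2000
WINDOW_SECONDS = 3600


class ExportDenied(Exception):
    """Raised when an export request violates policy."""


class ExportGuard:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._history = defaultdict(deque)  # agent_id -> (timestamp, rows)
        self.alerts = []                    # denied attempts, for monitoring

    def _deny(self, agent_id, rows, reason):
        self.alerts.append({"agent": agent_id, "rows": rows, "reason": reason})
        raise ExportDenied(reason)

    def authorize(self, agent_id, assigned_queues, queue, rows):
        """Return the rows left in the agent's window, or raise ExportDenied."""
        now = self._clock()
        # Access control: agents export only from queues assigned to them.
        if queue not in assigned_queues:
            self._deny(agent_id, rows, "queue not assigned")
        # Per-request cap: no "all tickets in one request".
        if rows > MAX_ROWS_PER_REQUEST:
            self._deny(agent_id, rows, "per-request cap exceeded")
        # Sliding-window quota: drop entries older than the window, then sum.
        history = self._history[agent_id]
        while history and now - history[0][0] >= WINDOW_SECONDS:
            history.popleft()
        used = sum(n for _, n in history)
        if used + rows > MAX_ROWS_PER_WINDOW:
            self._deny(agent_id, rows, "hourly quota exceeded")
        history.append((now, rows))
        return MAX_ROWS_PER_WINDOW - used - rows
```

Every denial is recorded in `alerts`, so a compromised agent account that attempts a bulk pull produces a detection signal as well as a refusal.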

International Cyber Digest reviewed files confirming the breach’s scope, raising concerns about phishing risks, identity theft, and the weaponization of unpublished vulnerabilities from the stolen HackerOne reports. Adobe has not yet issued an official statement confirming or denying the incident.

If verified, this breach would rank among the most significant of 2026, underscoring risks in third-party vendor security, privileged access management, and overly permissive data export functions in enterprise systems. The incident highlights the growing threat of supply chain attacks and the need for stricter controls over contractor access pathways.

Source: https://cybersecuritynews.com/adobe-breach/

Adobe cybersecurity rating report: https://www.rankiteo.com/company/adobe

BPO Process Outsourcing cybersecurity rating report: https://www.rankiteo.com/company/bpoprocessoutsourcing

"id": "ADOBPO1775190288",
"linkid": "adobe, bpoprocessoutsourcing",
"type": "Breach",
"date": "4/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '13 million',
                        'industry': 'Software',
                        'location': 'Global',
                        'name': 'Adobe',
                        'size': 'Large',
                        'type': 'Corporation'},
                       {'industry': 'IT Services',
                        'location': 'India',
                        'name': 'Third-party BPO Firm',
                        'type': 'Business Process Outsourcing'}],
 'attack_vector': 'Supply Chain Attack',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '13 million support tickets, '
                                              '15,000 employee records',
                 'personally_identifiable_information': 'Names, emails, '
                                                        'account details',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Customer personal information',
                                              'Employee records',
                                              'Bug bounty submissions',
                                              'Internal documents']},
 'description': 'A threat actor known as Mr. Raccoon has claimed '
                'responsibility for a major breach of Adobe, reportedly '
                'exfiltrating a vast trove of sensitive data, including 13 '
                'million support tickets, 15,000 employee records, all '
                'HackerOne bug bounty submissions, and internal documents. The '
                'attack exploited a supply chain vulnerability via a '
                'third-party Indian Business Process Outsourcing (BPO) firm '
                'contracted by Adobe. The threat actor gained initial access '
                'by deploying a Remote Access Tool (RAT) via a malicious email '
                'to a BPO employee and escalated privileges through phishing.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '13 million support tickets, 15,000 employee '
                                'records, all HackerOne bug bounty '
                                'submissions, internal documents',
            'identity_theft_risk': 'High',
            'systems_affected': 'Adobe support ticketing platform, third-party '
                                'BPO firm systems'},
 'initial_access_broker': {'entry_point': 'Malicious email with Remote Access '
                                          'Tool (RAT) to BPO employee'},
 'lessons_learned': 'Risks in third-party vendor security, privileged access '
                    'management, and overly permissive data export functions '
                    'in enterprise systems',
 'post_incident_analysis': {'root_causes': ['Supply chain vulnerability via '
                                            'third-party BPO firm',
                                            'Privilege escalation through '
                                            'phishing',
                                            'Insecure support ticketing '
                                            'platform allowing bulk data '
                                            'export']},
 'recommendations': 'Stricter controls over contractor access pathways, '
                    'enhanced monitoring of third-party vendors, and '
                    'implementation of rate-limiting and access controls for '
                    'data export functions',
 'references': [{'source': 'International Cyber Digest'}],
 'threat_actor': 'Mr. Raccoon',
 'title': "Adobe Allegedly Breached by 'Mr. Raccoon' via Third-Party BPO Firm",
 'type': 'Data Breach',
 'vulnerability_exploited': 'Insecure support ticketing platform (bulk data '
                            'export without rate-limiting or access controls)'}