New Delhi: Adobe is facing fresh scrutiny after a threat actor, identified as “Mr. Raccoon,” claimed to have accessed a large volume of internal data through a third-party vendor. The alleged breach, first reported by International Cyber Digest, points to a possible supply chain compromise rather than a direct attack on Adobe’s core systems.
Early details suggest the incident may involve sensitive customer and internal data, raising concerns across the cybersecurity community. Adobe has not issued an official confirmation at the time of writing.
🚨‼️ BREAKING: Adobe has been breached by threat actor Mr. Raccoon, leaking 13 million support tickets with personal data, 15,000 employee records, all HackerOne submissions, internal documents and more.
Mr. Raccoon gained access through an Indian BPO, first deploying a remote… pic.twitter.com/cCH74Fjluk
— International Cyber Digest (@IntCyberDigest) April 2, 2026
Entry point traced to third-party BPO vendor
According to the International Cyber Digest, the attacker gained initial access through an Indian Business Process Outsourcing firm contracted by Adobe. The breach reportedly began with a phishing email sent to a BPO employee, which led to the deployment of a Remote Access Tool on the system.
Once inside, the attacker is said to have expanded access by targeting the employee’s manager through a second phishing attempt. This step allowed broader movement within the network and deeper access to internal systems.
The report further claims that the malware enabled surveillance capabilities, including webcam access and interception of private communications on platforms like WhatsApp.
Large-scale data exposure claimed by attacker
The threat actor alleges that the breach resulted in the extraction of a significant dataset, including support tickets, employee records, and vulnerability reports. The scale of the claimed data exposure is outlined below:
| Data Type | Estimated Volume |
|---|---|
| Support Tickets | 1.3 crore |
| Employee Records | 15,000 |
| HackerOne Submissions | Complete dataset |
| Internal Documents | Multiple files |
Support tickets may contain personal information such as names, email addresses, and account-related details. Such data can be used in targeted phishing campaigns or identity theft attempts.
Concerns over access controls and system design
A key claim made by the attacker highlights a potential access control issue within Adobe’s support systems. The individual stated that agents were able to export all support tickets in a single request.
If verified, this points to a possible misconfiguration in data access permissions and a lack of safeguards such as rate limits or monitoring triggers for bulk data extraction.
Risk extends beyond Adobe systems
The inclusion of HackerOne bug bounty submissions adds another layer of concern. These reports often contain details of vulnerabilities that may not yet be publicly disclosed or patched.
Exposure of such data could increase the risk of exploitation by other threat actors, especially if the information circulates within underground forums.
No official response yet
Adobe has not confirmed or denied the claims so far. Independent verification of the breach remains pending.
Even so, the incident highlights ongoing challenges in managing third-party access and enforcing strict controls across extended enterprise networks. Supply chain compromises continue to emerge as a major threat vector in 2026, with attackers targeting vendors as an entry point into larger organisations.