Cyber Incident Victim: Adobe Inc.

According to the International Cyber Security News report, a threat actor identified as ‘Mr. Raccoon’ allegedly gained initial access to Adobe’s network by targeting an Indian Business Process Outsourcing firm that was contracted to provide support operations for the company. The attacker is said to have delivered a Remote Access Tool to an employee of the BPO through a phishing email, which allowed the establishment of a foothold within the contractor’s environment. From that foothold, the actor reportedly pivoted laterally to compromise a manager’s account within the BPO, using the elevated privileges to move deeper into the connected systems. The compromised manager account then served as a stepping stone to reach Adobe’s internal helpdesk environment, where the attacker could interact with Adobe’s support infrastructure. Once inside the helpdesk system, the actor is said to have exploited a configuration that permitted a single support agent to export all available tickets in one request, enabling a large‑scale data extraction. The report notes that Adobe has not publicly confirmed or denied the occurrence of this breach, leaving the details reliant on the alleged actor’s claims and the third‑party source.

The alleged exfiltration is described as encompassing approximately 13 million customer support tickets, around 15,000 employee records, and the complete set of submissions made to Adobe’s HackerOne bug bounty program at the time of the incident. The data contained within those tickets reportedly included customer names, email addresses, account identifiers, internal technical notes, and unpublished vulnerability reports that had not yet been patched or disclosed publicly. The employee records are said to have comprised personal information such as names and contact details associated with Adobe staff. The HackerOne submissions, which detail privately reported security flaws, are characterized in the source as particularly damaging because they could be weaponized before Adobe releases corresponding fixes. The breach cause is characterized in the article as a supply‑chain compromise originating from the third‑party BPO, with the attack chain beginning with phishing and proceeding through privilege escalation to reach the helpdesk export function.

The source material does not provide further specifics regarding how Adobe detected the alleged activity, what containment measures were undertaken, or any public remediation steps that may have followed the incident. It also does not disclose any official statements from Adobe confirming the breach’s validity, the timeline of discovery, or the extent of any internal investigation. Consequently, the narrative is limited to the claimed sequence of events, the asserted scale of data exposure, and the stated breach cause as presented in the International Cyber Security News article, with no additional details on response actions or consequences available from the provided evidence.