13 Million Records at Risk in Suspected Adobe Cyberattack – How to Protect Yourself

The data of millions of Adobe users is at risk as a threat actor known as “Mr. Raccoon” has claimed responsibility for a major cyberattack, potentially exposing millions of sensitive records. According to reports, the attacker alleges that around 13 million customer support tickets, 15,000 employee records, and internal documents were extracted from the company’s systems. The claim has not yet been officially confirmed by Adobe, but it has raised serious concerns across the cybersecurity community.

The breach appears to have originated not from Adobe’s core infrastructure, but through a third-party vendor. The attacker reportedly gained initial access via an Indian Business Process Outsourcing (BPO) firm that provides services to Adobe. This type of attack, often referred to as a supply chain compromise, highlights how external partners can become entry points for cybercriminals.

13 Million Records at Risk in Suspected Adobe Cyberattack – How to Protect Yourself

According to the details shared, the attacker used a phishing email to infect a BPO employee’s computer with a Remote Access Tool (RAT). This malicious software allowed unauthorized access to the system. Once inside, the attacker expanded control by targeting the employee’s manager through another phishing attempt. It increases their reach within the network.

The level of access reportedly gained is particularly alarming. The attacker claimed to have been able to monitor communications and even access the employee’s webcam. This suggests a deep level of system compromise and raises questions about endpoint security and monitoring practices within vendor environments.

One of the most concerning aspects of the alleged breach is the ease with which data could be extracted. The attacker stated that the system allowed bulk export of support tickets in a single request. If true, this points to a serious misconfiguration in access controls. Support tickets often contain personal information such as names, email addresses, and account details, making them highly valuable for phishing attacks and identity theft.

In addition to customer data, the breach reportedly includes submissions from HackerOne. These submissions typically contain details of security vulnerabilities that have not yet been publicly disclosed. If such information falls into the wrong hands, it could be exploited before fixes are implemented, increasing the risk of further attacks.

Cybersecurity experts note that this incident, if confirmed, underscores the growing risks associated with third-party vendors. Companies often rely on external partners for support and operations, but these relationships can introduce vulnerabilities if not properly managed. Weak access controls, insufficient monitoring, and a lack of strict data handling policies can all contribute to such breaches.

See Also: Hackers Can Abuse Copilot and Grok as Invisible AI Malware Channels: Check Point Research

The situation also highlights the importance of limiting data access and implementing safeguards such as rate limiting and audit logs. Systems that allow unrestricted data exports can become easy targets for attackers once access is gained.

As of now, Adobe has not released an official statement regarding the claims. However, organizations across industries are being advised to review their own security practices. This includes auditing vendor access, strengthening phishing defenses, and ensuring that sensitive data cannot be easily extracted in large volumes.

If verified, this breach could become one of the most significant cybersecurity incidents of 2026. It serves as a reminder that in today’s interconnected digital environment, security is only as strong as the weakest link in the chain.