Software giant Adobe faces a shocking cyberattack by hackers known as “Mr. Raccoon.” The attackers carried out a supply chain attack through an Indian outsourcing contractor, stealing 13 million customer support tickets, employee records, and confidential HackerOne information.
Global software giant Adobe is facing a major cybersecurity crisis. Since April 2, cybersecurity communities have been widely circulating reports of a devastating attack launched by a hacker who calls themselves “Mr. Raccoon.” According to publicly available screenshots and information, the hacker successfully infiltrated Adobe’s systems and stole extremely sensitive internal data. The incident involves as many as 13 million customer support tickets containing personal data, 15,000 Adobe employee records, and even the complete contents of the reports submitted to the HackerOne bug bounty program.
🚨‼️ BREAKING: Adobe has been breached by threat actor Mr. Raccoon, leaking 13 million support tickets with personal data, 15,000 employee records, all HackerOne submissions, internal documents and more.
Mr. Raccoon gained access through an Indian BPO, first deploying a remote… pic.twitter.com/cCH74Fjluk
— International Cyber Digest (@IntCyberDigest) April 2, 2026
This attack did not come from a direct breach of Adobe’s tightly secured core systems. Instead, it was a supply chain attack, one of the hardest kinds of attack for the industry to prevent. The hackers targeted an Indian business process outsourcing (BPO) company responsible for handling Adobe’s customer support operations. First, the attackers sent a disguised phishing email to a BPO employee. After successfully installing a remote access trojan (RAT), they gained full control of that employee’s workstation and network cameras, as well as access to the employee’s private WhatsApp chat history.
After establishing a foothold, the hackers then used that employee’s identity to launch targeted internal phishing attacks against their supervisor, thereby obtaining higher levels of system access permissions. This incident once again highlights that when companies outsource core business functions to a third party, if the supplier’s security protections are weak, it can become the biggest weak point in the entire organization’s security network.
After obtaining elevated privileges, the hackers immediately found a fatal design flaw in Adobe’s customer support system. The hackers mocked the fact that the system allowed an agent to export all tickets at once. This means that the backend lacked effective rate limiting or auditing of large-scale exports, enabling the attackers to drain all 13 million records, containing users’ names, contact information, and problem descriptions, without obstruction.
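The missing control described above can be sketched as a per-agent budget on exported ticket records, with every decision written to an audit trail. This is an added example, not Adobe's or the BPO's code; the class and function names, the agent IDs, the 500-records-per-hour policy and the sample events are all constructed assumptions.

```python
from collections import defaultdict, deque


class ExportGuard:
    """Per-agent sliding-window budget on exported *records*, not requests."""

    def __init__(self, max_records=500, window_s=3600):
        self.max_records = max_records      # assumed policy value
        self.window_s = window_s            # assumed policy value
        self.history = defaultdict(deque)   # agent -> deque of (ts, count)
        self.audit = []                     # append-only audit trail

    def _used(self, agent, now):
        # Drop exports that have aged out of the window, then sum the rest.
        q = self.history[agent]
        while q and q[0][0] <= now - self.window_s:
            q.popleft()
        return sum(n for _, n in q)

    def request_export(self, agent, n_records, now):
        used = self._used(agent, now)
        allowed = used + n_records <= self.max_records
        if allowed:
            self.history[agent].append((now, n_records))
        # Denied requests are logged too: they are the signal worth alerting on.
        self.audit.append({
            "ts": now, "agent": agent, "requested": n_records,
            "used_before": used,
            "decision": "allow" if allowed else "deny_and_alert",
        })
        return allowed


def replay(events, **policy):
    """Run (ts, agent, n_records) events through a fresh guard."""
    guard = ExportGuard(**policy)
    decisions = [guard.request_export(a, n, ts) for ts, a, n in events]
    return decisions, guard.audit


# Constructed sample events: (unix_ts, agent_id, records_requested)
EVENTS = [
    (0,    "agent-17", 40),
    (600,  "agent-17", 120),
    (900,  "agent-42", 13_000_000),  # a single "export everything" request
    (1200, "agent-17", 400),         # 160 already used, 400 more exceeds 500
    (4300, "agent-17", 400),         # earlier exports have left the window
]

if __name__ == "__main__":
    for entry in replay(EVENTS, max_records=500, window_s=3600)[1]:
        print(entry)
```

Counting records rather than requests is what stops the single bulk export: a request-based limit would have let one 13-million-record call through.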
In addition, the leak of the HackerOne vulnerability report contents is even more destructive. It suggests the hackers very likely already know of weaknesses in Adobe's systems that have not yet been patched, as well as confidential information about internal operations, which could lead to even more severe follow-up attacks and extortion threats in the future.
As of now, Adobe has not issued any public statement about this major cybersecurity incident on its official website or community platforms. However, this hacker intrusion has sparked a major uproar in the community, with many netizens strongly criticizing Adobe for outsourcing core customer service to a third party with poor cybersecurity oversight. If the data leak is confirmed, Adobe could face hefty fines under international privacy regulations such as GDPR and CCPA, as well as a serious loss of user trust.
Cybersecurity experts strongly recommend that all Adobe users change their account passwords as soon as possible, enable multi-factor authentication (MFA), and closely monitor their credit cards and accounts for any abnormal activity. Users who previously submitted support tickets through official channels need to be especially vigilant, to prevent hackers from using the leaked data for highly targeted phishing scams.