Was Adobe Suite breached? This is what we know


An alleged 832GB dataset belonging to Adobe is now circulating on hacker forums, threatening the company with an increase in phishing attacks and enterprise espionage.

Threat actors are advertising an enormous 832GB dataset allegedly tied to Adobe Business and several major enterprise marketing platforms on a well-known hacker forum.

The attackers' post suggests that the stolen dataset may expose sensitive corporate contact and customer engagement data.

According to the underground post, the allegedly exposed data is associated with:

  • Adobe Experience Cloud
  • Adobe Analytics
  • Adobe Commerce (Magento)
  • Adobe Experience Manager
  • Adobe Firefly
  • Adobe Marketo Engage

The post also references information allegedly tied to several third-party email and marketing providers frequently integrated into enterprise workflows, including:

  • SendGrid
  • HubSpot
  • Mailgun
  • Mailjet
  • Brevo
  • Mandrill
  • Mailchimp

What Adobe data was breached?

According to the attackers, the dataset may include:

  • Email addresses
  • Phone numbers
  • Marketing records
  • CRM-style datasets
  • Company and industry metadata
  • Customer engagement information
  • Lead generation and automation-related data

To support their claims, the threat actors published several sample files, which we have reviewed. The data samples included:

  • A file containing 560 phone numbers
  • A file containing 482 email addresses, primarily linked to corporate domains
  • A file containing 43 alleged CRM-style records
  • One additional empty file

The CRM-related entries allegedly included full names of employees and fragmented contact information.

Our researchers noted that some address and metadata fields appeared duplicated across multiple records, making it difficult to determine how representative the samples are of the broader dataset.

The scale of the alleged dataset suggests potential risks for organizations relying on interconnected marketing and CRM ecosystems.

[Image: adobe breach. Screenshot by Cybernews]

The data could be used for further attacks

Cybernews researchers warn that attackers increasingly rely on cross-referencing fragmented datasets to build highly detailed profiles of employees, departments, vendors, and enterprise customers. These profiles can later be used in social engineering and supply chain attacks.

“Such exposed data could put Adobe users at risk of social engineering attacks,” our researchers warned.

“Attackers could also cross-reference the data with other leaked datasets to create better profiles of people.”

[Image: adobe breach 1. Screenshot by Cybernews]

At this stage, researchers say the samples alone are insufficient to independently confirm the full scale of the alleged breach.

While the authenticity of the claims remains unverified, Cybernews has reached out to Adobe for a comment. A response has not yet been received.

For the second time this year, Adobe has been targeted

If these claims turn out to be the result of a fresh data breach, it will be the second time this year that Adobe has suffered a cyberattack.

Just last month, on April 3rd, 2026, a threat actor going by the handle "Mr. Raccoon" allegedly breached Adobe's helpdesk system, claiming to have walked away with 13 million customer support tickets, 15,000 employee records, every HackerOne submission ever filed, and a trove of internal documents.

Researchers at vx-underground emphasized that Adobe's internal networks were likely not penetrated. The most plausible entry point, according to them, was an infostealer or RAT malware delivered by email to a third-party business-process-outsourcing employee handling Adobe support tickets.

The Adobe Commerce platform also suffered significantly from the CosmicSting campaign. Seven distinct threat actors exploited a critical XXE flaw (CVE-2024-34102) on unpatched Adobe Commerce and Magento installations.

Attackers planted payment-card skimmers on checkout pages, with Sansec estimating that, in total, 5% of all Adobe Commerce and Magento stores on the internet ended up compromised.