Speculation mounts over alleged Adobe breach as threat actor claims theft of 13M support tickets


Cybersecurity analysts on X have reported an alleged breach at Adobe that may have exposed sensitive data from the company’s helpdesk system, including 13 million support tickets and 15,000 employee records. The incident is not officially confirmed yet.

The only source currently reporting this alleged incident is International Cyber Digest, an X account by cybersecurity analysts who publish a weekly newsletter.

Their claims are based on direct communication with the threat actor, who operates under the moniker “Mr. Raccoon.”

“Adobe has been breached by threat actor Mr. Raccoon, leaking 13 million support tickets with personal data, 15,000 employee records, all HackerOne submissions, internal documents, and more,” International Cyber Digest (ICD) claims.

Adobe hasn’t addressed the claims yet. Cybernews has reached out to the company for comment and will include its response.

To back up the allegations, the threat actor shared several screenshots.

One of the images shows an alleged Adobe internal OneDrive (SharePoint) with folders such as Desktop, Documents, and Meetings, along with access to multiple customer experience-related documents. This suggests that a support employee’s account was compromised. Another screenshot displays captured webcam footage of a targeted employee.

ICD says it reviewed multiple files to confirm the scope of the breach. The threat actor likely delivered a remote access trojan (RAT) via email.

Malware researchers at vx-underground say the claimed compromise appears legitimate. However, they emphasize an important distinction: attackers did not gain access to the company’s internal networks, and the alleged breach is limited to its helpdesk system.


It is likely that a third-party employee at a business process outsourcing provider was compromised by infostealer malware. The sensitivity of the data the threat actor accessed remains unclear. The reported 13 million support tickets figure could include both simple questions and more consequential interactions, such as billing issues.

Dark Web Intelligence analysts suggest that the initial compromise was likely followed by phishing escalation.

While the validity of the threat actor’s claims remains unclear, the Cybernews research team cautions Adobe customers who have recently interacted with the company to remain vigilant about any unsolicited communications.

“Support tickets more often than not contain customer information, including the products they use, and a large number of these tickets could be related to billing/refund issues people encounter. All of this information would be useful for malicious actors to craft more convincing phishing emails,” our researchers explain.

“Similar risks apply with exposed employee information, only in this case, attacks would be crafted towards the company instead. Meanwhile, HackerOne submissions would give detailed information on the company’s security landscape in general, e.g., which vulnerabilities are not yet patched.”

Mr. Raccoon appears to be a new or low-profile threat actor with no established track record. The name overlaps with Raccoon Stealer (RAT), an infostealer malware-as-a-service that is well-documented and has been available by subscription since 2019. However, the two are unlikely to be related.

