Adobe Helpdesk Allegedly Breached: Hacker Claims Theft of 13 Million Support Tickets and Employee Data
Adobe allegedly suffered a data breach, according to cybersecurity researchers. A threat actor known as "Mr. Raccoon" claims responsibility for stealing millions of records from the company's support infrastructure. Researchers at vx-underground have verified the legitimacy of the compromise based on leaked samples and screenshots.
The breach allegedly originated from a third-party Business Process Outsourcing (BPO) provider.
The attacker supposedly gained access by infecting a BPO employee's workstation with a Remote Access Tool (RAT). Adobe has not released a statement confirming the breach.
According to the alleged breach sequence, compromising the workstation allowed the threat actor to monitor the employee's actions and even take a photo of the employee using the laptop camera. After establishing the initial foothold, the attacker used social engineering to phish a manager, enabling privilege escalation within the support infrastructure. Finally, the actor exploited a functional flaw in the helpdesk software that allowed an agent to export all support tickets in a single request, facilitating mass data exfiltration.
The compromised data includes:
- 13 million support tickets containing customer personal data and billing inquiries
- 15,000 employee records and account details
- Internal documents and SharePoint files from OneDrive
- All HackerOne vulnerability disclosure submissions
- Private communications and captured webcam footage of staff
The threat actor claims to have accessed approximately 13 million records. The breach has not been confirmed by Adobe.
Adobe appears to have had its helpdesk systems isolated from its core internal production networks, which likely prevented the compromise of other systems. External researchers are currently monitoring dark web forums for further leaks of the stolen HackerOne data.
Security professionals recommend that Adobe customers monitor their accounts for targeted phishing attempts that may use specific ticket details to gain trust.