A bad actor named “Mr. Raccoon” claims to have breached Adobe, leaking 13 million support tickets with personal data, 15,000 employee records, all HackerOne bug bounty reports, and various internal documents, according to a report by International Cyber Digest.

The threat actor said the intrusion didn’t start inside Adobe. Instead, Mr. Raccoon reportedly got in through an Indian BPO company that Adobe hired. This shows the rising risks in working with outside vendors.
Attack Chain Via BPO:
The attacker got a Remote Access Tool (RAT) onto a BPO worker’s computer through a malicious email. After getting in, Mr. Raccoon tricked the worker’s manager into giving access, gaining more control in the network.
The RAT setup gave the attacker access to the employee’s webcam and let them read private messages on WhatsApp.
Perhaps the most alarming disclosure came directly from Mr. Raccoon, who told International Cyber Digest: “They allowed you to export all tickets in one request from an agent.” This suggests a significant access control misconfiguration within Adobe’s support ticketing platform — one that allowed bulk data extraction without triggering adequate security controls or rate-limiting mechanisms.
Support tickets usually have customer names, email addresses, account info, and details about technical problems. This is very valuable for phishing and identity theft.
The HackerOne submissions are especially alarming because they contain private vulnerability reports. These reports could be used by other attackers before fixes are made.
Adobe has not yet issued a clear statement about the breach. If it’s true, this event would be one of the biggest data leaks. It raises serious questions about how well third-party vendors are vetted, how access is managed in support environments, and the dangers of allowing too much data to be exported from company ticketing systems.
Security teams in different fields should check their own BPO and contractor access paths, review permissions for data exports, and be alert for any credential or vulnerability information from this suspected breach showing up on dark web sites.
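One way to act on the export review suggested above is to scan ticketing audit logs for agent accounts that export too much in one request or within a short period. This is an added example, not code from Adobe, the BPO, or the report; the JSON log format, field names, and thresholds are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-log lines in a hypothetical JSON format (not from any real product).
SAMPLE_LOG = """\
{"ts": "2025-01-10T09:00:00", "actor": "agent-17", "action": "ticket.export", "count": 40}
{"ts": "2025-01-10T09:05:00", "actor": "agent-22", "action": "ticket.view", "count": 1}
{"ts": "2025-01-10T09:10:00", "actor": "agent-17", "action": "ticket.export", "count": 450}
{"ts": "2025-01-10T09:20:00", "actor": "agent-17", "action": "ticket.export", "count": 480}
{"ts": "2025-01-10T09:30:00", "actor": "agent-31", "action": "ticket.export", "count": 250000}
{"ts": "2025-01-10T11:00:00", "actor": "agent-17", "action": "ticket.export", "count": 300}
not-json garbage line
"""

def flag_exports(lines, per_request_cap=500, window_cap=900, window=timedelta(hours=1)):
    """Return alerts for exports above a per-request cap or a rolling per-actor cap."""
    alerts = []
    recent = defaultdict(deque)  # actor -> (timestamp, count) pairs still inside the window
    for line in lines:
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["ts"])
            actor, count = ev["actor"], int(ev["count"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the scan
        if ev.get("action") != "ticket.export":
            continue
        # One oversized request is suspicious on its own.
        if count > per_request_cap:
            alerts.append((actor, ev["ts"], "single-request", count))
        # Many smaller requests can add up to the same bulk extraction.
        q = recent[actor]
        q.append((ts, count))
        while q and ts - q[0][0] > window:
            q.popleft()
        total = sum(c for _, c in q)
        if total > window_cap:
            alerts.append((actor, ev["ts"], "rolling-window", total))
    return alerts

if __name__ == "__main__":
    for alert in flag_exports(SAMPLE_LOG.splitlines()):
        print(alert)
```

The same two limits are better enforced in the ticketing platform itself, with this scan as a backstop for accounts that are exempted or misconfigured.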
