Accenture Data Breach: Attackers Claim 35GB Source Code Stolen
Key Takeaways A threat actor named “888” claims to have stolen 35GB of source code and credentials from Accenture. The alleged stolen data includes source code, RSA keys, SSH keys, Azure...
Key Takeaways
- A threat actor named “888” claims to have stolen 35GB of source code and credentials from Accenture.
- The alleged stolen data includes source code, RSA keys, SSH keys, Azure Personal Access Tokens (PATs), Azure Storage Access Keys, and configuration files.
- Accenture has acknowledged an “isolated matter” and stated the source has been remediated, with no impact on operations.
- The actor is offering the data for a “One Time Sale” exclusively in Monero (XMR).
Accenture Reportedly Hit by 35GB Source Code Theft, Threat Actor “888” Claims
A prominent cybercrime forum has become the stage for a new claim of data theft against global IT and consulting giant Accenture. A threat actor, identified by the alias “888,” posted an advertisement on July 6, 2026, alleging the compromise of approximately 35 gigabytes of Accenture’s source code and associated credentials.
Table Of Content
Details of the Alleged Breach
According to the forum post, the breach occurred in July 2026, resulting in the exfiltration of a significant volume of sensitive company data. The actor claims the stolen material encompasses a broad range of critical assets, including proprietary source code, RSA keys, SSH keys, Azure Personal Access Tokens (PATs), Azure Storage Access Keys, and various configuration files essential to Accenture’s operations.
This incident would mark a repeat attempt by “888” against Accenture. The same actor reportedly targeted the company in an unconfirmed incident in 2024, which Accenture publicly refuted at the time.
Evidence Presented by the Attacker
To substantiate the claims, “888” included a screenshot within the forum listing. This image purportedly displays command-line output from an Azure DevOps environment. The output shows what appears to be a curl request directed at a “dev.azure.com” endpoint, immediately followed by a git clone operation.
The screenshot further reveals references to a repository named “121123_AtriasTalentAcademy,” which is described as being hosted under a redacted accenture.com production URL. Accompanying this are various project metadata, visibility flags, and remote URLs pertinent to Azure Repos. The partial git clone operation depicted in the sample shows thousands of objects being received at speeds of tens of megabytes per second, which the actor presents as live proof of access to a private repository.
Sale of Stolen Data and Accenture’s Response
The threat actor is marketing the alleged stolen data as a “One Time Sale,” specifying that transactions will only be accepted in Monero (XMR), a privacy-centric cryptocurrency often favored in illicit online marketplaces to anonymize financial trails. As of current reports, no specific price for the data has been publicly disclosed.
Accenture has acknowledged the situation. In a statement provided to BleepingComputer, the company confirmed, “We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery.” However, Accenture has not verified the precise scope or the specific types of data claimed by “888.”
What You Should Do
- Organizations should treat the specific data types and volume claimed by the threat actor as unconfirmed until further forensic evidence or a confirmed data sample leak emerges.
- Companies utilizing Azure DevOps are strongly advised to immediately review their Personal Access Token (PAT) rotation policies and conduct thorough audits of repository access logs as a precautionary measure, especially given the credential types referenced in the alleged sample.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.