IT services giant Accenture has confirmed a security breach after a threat actor began offering stolen data for sale on a cybercrime forum.
What Happened
On July 6, 2026, a hacker operating under the handle “888” posted on PwnForums claiming to have breached Accenture and stolen “just over 35gb of source codes”. The post was framed as a “One Time Sale,” with payment accepted exclusively in Monero (XMR).
The actor shared a screenshot as proof—showing a git clone operation against an Azure DevOps repository hosted under an accenture.com production URL. The repository was named “121123_AtriasTalentAcademy”.
What Was Stolen?
According to the threat actor, the stolen data includes:
- Source code
- RSA keys
- SSH keys
- Azure Personal Access Tokens (PATs)
- Azure Storage access keys
- Configuration files
It's worth noting that Accenture has not confirmed the specific data types or the 35GB figure.
Accenture's Response
Accenture acknowledged the incident in a statement to BleepingComputer:
“We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery.”
That's the extent of it. No mention of how attackers gained access, no confirmation of the data volume, and no word on whether customer data was affected. The company declined to elaborate further.
Not the First Time
This isn't Accenture's first rodeo with “888.” In June 2024, the same actor tried to sell data of 32,826 current and former Accenture employees—though the company said the dataset contained only three legitimate names.
Accenture has also faced real incidents before. In 2017, four unsecured AWS S3 buckets exposed sensitive company and client data. In August 2021, the LockBit ransomware gang hit the company, threatening to release stolen data.
What This Means
For organizations using Azure DevOps, this is a reminder to audit access tokens and review repository access logs regularly. Even if Accenture's “isolated” assessment holds up, the incident underscores that proprietary source code and credentials remain high-value targets.
The full scope of this breach remains unclear. For now, treat the claims as unconfirmed—but don't ignore the warning signs.
Tags:
Technology
