Accenture Confirms Security Incident After Hacker Claims 35GB Source-Code Theft

Accenture has confirmed it is investigating a security incident after a cybercriminal put what they describe as a large trove of the company's internal data up for sale. The consulting and technology firm said it is aware of the matter and has already dealt with its source, but it has not confirmed that any data was actually taken.
The listing appeared in early July on a cybercrime forum, where a seller using the handle "888" claimed to have breached Accenture and walked away with just over 35GB of source code. The post advertised the material to potential buyers.
The seller says the cache extends well past source code. It supposedly also contains RSA and SSH keys, Azure personal access tokens, Azure Storage access keys, and a range of configuration files. As proof, the post included screenshots, one of which appeared to show a private Azure DevOps repository, named 121123_AtriasTalentAcademy, being cloned from a redacted address hosted on Accenture's own infrastructure.
A screenshot can lend weight to a claim of repository access, but it does not establish the total volume of stolen data or verify that every file type in the listing is genuine. For now, the seller's inventory remains unproven.
Accenture has characterized the situation as an isolated issue and said it remediated the source, adding that client operations and service delivery were not affected. Beyond that, the company has left key questions unanswered: it has not confirmed how much data was taken, whether the source code and keys are authentic, whether any of the exposed credentials were still active, how the attacker gained access, or whether customer data was involved. Until those details emerge, the confirmed incident is narrower than the seller's advertisement suggests.
The nature of the claimed data is what sets this apart from an ordinary breach. A leaked list of names and emails typically fuels phishing or fraud. Source code and cloud credentials are a different category of exposure. Code can reveal how internal tools are built and how systems connect, while tokens and storage keys, if still valid, can act like keys to live environments, potentially letting an intruder reach development tools or cloud storage without having to break in a second time.
That is also why stolen engineering data can keep causing harm long after an incident is declared contained. Attackers can comb source code for vulnerabilities, test whether old credentials still work, and borrow internal naming conventions to make future phishing far more convincing. Configuration files and connection details can point them toward vendors, customers, or shared infrastructure. In other words, a single breach can become the blueprint for the next one.
Firms like Accenture are attractive precisely because of where they sit. Large consulting and services companies operate close to the systems that keep major enterprises and governments running, from cloud platforms and identity tools to codebases and transformation projects. A single foothold can offer outsized insight into how those environments are assembled and secured, even when it does not translate into direct client compromise.
The company has weathered security scares before. In 2017, researchers discovered misconfigured cloud storage buckets exposing details about an Accenture platform and its customers. In 2021, the LockBit ransomware group struck the firm and threatened to publish stolen files. And in 2024, the same "888" persona attempted to sell what was billed as data on tens of thousands of employees, a claim Accenture later said was almost entirely inaccurate.
With the scope still unverified, the practical response for organizations that depend on outside development partners is familiar: rotate any credentials that could plausibly be exposed, much like changing the locks after losing a master key, tighten and review access to source-code repositories, and watch for unusual logins or unexpected changes to build and deployment settings while the situation is assessed.





