Accenture confirms breach after hacker offers stolen data for sale

Global IT services firm Accenture has confirmed a security breach after a threat actor claimed to have stolen 35 gigabytes of data, including source code. The company stated that the matter has been addressed and does not impact its operations or service delivery.
The breach came to light when a threat actor known as "888" posted on a cybercrime forum offering the stolen data for sale. The actor claimed the data was exfiltrated in July and included source code, RSA keys, SSH keys, Azure personal access tokens, Azure Storage access keys, and configuration files.

To substantiate their claims, the threat actor provided a screenshot purportedly showing the cloning of an Azure DevOps repository hosted on an Accenture domain. The repository was named "121123_AtriasTalentAcademy." The full extent of the data compromised could not be independently verified.
Accenture acknowledged the breach but did not confirm the specific volume or types of data allegedly accessed or stolen by the threat actor. The company also did not provide details on the initial access method used by the attackers or whether any customer data was affected.
This incident follows a previous attempt by the same threat actor to sell Accenture employee data in 2024, which was linked to a third-party breach. Accenture also experienced a significant data breach in 2021, when the LockBit ransomware group exfiltrated data from its systems.

Accenture is a multinational professional services company offering consulting, technology, cloud, engineering, and managed services to a global clientele of businesses and governments.
The ongoing investigation into the breach may yield further details, and updates will be provided as more information becomes available.





