Accenture, a global leader in IT services and consulting, has confirmed a security breach following claims by a hacker known as “888” of stealing 35 GB of internal data, including source code and sensitive credentials.
On July 6, 2026, “888” posted on the cybercrime forum PwnForums, alleging that they had infiltrated Accenture’s systems earlier that month. The hacker claimed to have exfiltrated source code, RSA and SSH keys, Azure Personal Access Tokens, Azure Storage Access Keys, and internal configuration files. To substantiate these claims, “888” shared a screenshot purportedly showing a private Azure DevOps repository associated with an Accenture domain. The data was offered for a one-time sale, payable exclusively in Monero cryptocurrency.
In response, Accenture acknowledged the incident, describing it as isolated and stating that the source of the breach had been remediated. The company emphasized that there was no impact on its operations or service delivery. However, Accenture did not confirm the specific details of the data allegedly compromised.
This incident is not the first time Accenture has faced security challenges. In August 2021, the company was targeted by the LockBit ransomware group, which claimed to have stolen over 6 TB of data and demanded a $50 million ransom. Additionally, in 2017, security researchers discovered unsecured AWS S3 storage buckets containing sensitive information about Accenture’s Cloud Platform and its clients.
The exposure of source code and access keys is particularly concerning, as it could provide attackers with insights into internal application logic and potential vulnerabilities. Such information might be exploited to gain unauthorized access to systems or to craft more effective phishing campaigns. The inclusion of Azure Personal Access Tokens and Storage Access Keys in the stolen data could further facilitate unauthorized access to cloud infrastructure and code repositories.
Given Accenture’s extensive client base, which includes a significant portion of the Fortune Global 500, the potential ramifications of this breach are substantial. Clients may be at risk if the stolen data includes information about their systems or if the breach leads to further attacks leveraging the compromised credentials.
In light of this incident, organizations are reminded of the critical importance of robust cybersecurity measures, including regular audits of access controls, timely rotation of credentials, and comprehensive monitoring of code repositories. As cyber threats continue to evolve, proactive defense strategies are essential to safeguard sensitive information and maintain trust with clients and partners.