Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen roughly 35 GB of internal data, including source code and sensitive development credentials. The company said it contained the incident, remediated its source, and found no impact on its operations or customer service delivery.
The hacker, using the alias “888,” advertised the alleged dataset for sale on a cybercrime forum earlier this week. According to the listing, the archive includes source code, RSA and SSH keys, Azure Personal Access Tokens, Azure Storage access keys, configuration files, and other development-related data.
Accenture confirmed that it investigated the claims after being contacted by reporters. In a statement, the company said it identified a security incident, addressed its source, and determined that the compromise did not disrupt business operations or affect customer service. The company has not disclosed how the attacker gained access or whether any customer information was involved.
Researchers who examined samples released by the threat actor said the preview did not include actual source code. Instead, it reportedly contained a directory listing of internal projects along with references to numerous .env files, which are commonly used to store API keys, authentication tokens, and other secrets. If authentic, those files could provide attackers with access to internal development resources if the credentials remain valid.
The threat actor also claims the stolen data includes credentials tied to Microsoft Azure services. Security experts note that exposed cloud credentials can present a greater risk than source code alone because they may enable unauthorized access to development environments, storage accounts, or other cloud infrastructure if they have not been revoked.
At this stage, there is no independent confirmation that the entire advertised dataset is genuine. While Accenture has acknowledged the security incident, the company has not verified the hacker’s claims regarding the volume of stolen data or the specific files allegedly taken.
The incident marks the latest time Accenture has dealt with publicly disclosed security claims. In 2021, the company confirmed that proprietary information had been stolen during a LockBit ransomware attack. More recently, in 2024, a threat actor also attempted to sell what was described as Accenture employee data, although the company disputed the scope of that incident and said only three individuals were affected.
