Accenture Confirms Breach After Hacker Claims Theft of 35GB Source Code

Accenture acknowledged a security incident after a threat actor posted claims of stealing 35GB of source code, RSA and SSH keys, and Azure access tokens from an internal DevOps repository.

Incident Response Supply Chain

A threat actor using the handle “888” posted on the cybercrime forum PwnForums claiming to have stolen just over 35GB of source code from Accenture, along with RSA keys, SSH keys, Azure personal access tokens, Azure Storage access keys, and configuration files. The post included a screenshot purporting to show exfiltration from a private Azure DevOps repository tied to an accenture.com production URL. Accenture has confirmed a security incident but has not verified the full scope or specific data types the threat actor claims to have taken.

The same actor previously attempted to sell Accenture employee data connected to a separate 2024 third-party breach, suggesting a pattern of targeting the company specifically rather than a one-off opportunistic hit.

What makes this incident notable operationally is the asset mix: source code theft is bad on its own, but RSA/SSH keys and cloud access tokens turn a code leak into a potential foothold for further intrusions — both into Accenture’s own environment and into any downstream client systems those credentials touch. Consulting and systems integration firms sit inside a large number of customer environments, which is exactly why credential and key exposure at this layer deserves fast, cross-organizational attention rather than being treated as someone else’s incident.

If Accenture has access to your systems, credentials, or repositories, treat any shared secrets, API keys, or federated access as potentially compromised until you’ve confirmed otherwise with them directly. Rotate anything they could plausibly have touched, and review authentication logs for access originating from Accenture-associated accounts or IP ranges over the past several weeks.

Why it matters: This is a supply-chain exposure, not just an Accenture problem — if Accenture is a vendor or systems integrator in your environment, ask them directly whether any of your credentials, access keys, or integration code were stored in the affected repository.

Read source →