{"id":14172,"date":"2026-07-09T10:03:36","date_gmt":"2026-07-09T10:03:36","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/07\/09\/accenture-confirms-data-breach-hacker-claims-theft-of-internal-source-code\/"},"modified":"2026-07-09T10:03:36","modified_gmt":"2026-07-09T10:03:36","slug":"accenture-confirms-data-breach-hacker-claims-theft-of-internal-source-code","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/07\/09\/accenture-confirms-data-breach-hacker-claims-theft-of-internal-source-code\/","title":{"rendered":"Accenture Confirms Data Breach \u2013 Hacker Claims Theft of Internal Source Code"},"content":{"rendered":"<p>    Accenture Confirms Data Breach \u2013 Hacker Claims Theft of Internal Source Code<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">IT services and consulting giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other sensitive data from the company.<\/p>\n<p class=\"wp-block-paragraph\">A threat actor operating under the alias \u201c888\u201d posted a listing on the cybercrime forum PwnForums on July 6, 2026, offering the alleged Accenture data for a one-time sale, payable only in Monero (XMR); at Cybersecuritynews, <a href=\"https:\/\/cybersecuritynews.com\/accenture-data-breach\/\" target=\"_blank\" rel=\"noreferrer noopener\">we reported on this alleged claim Yesterday<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">The post claimed that \u201cIn July 2026, Accenture suffered a data breach which resulted in just over 35 GB of source codes getting stolen from the company\u201d.<\/p>\n<p class=\"wp-block-paragraph\">According to the actor, the exfiltrated haul spans source code, RSA keys, SSH keys, Azure Personal Access Tokens (PATs), Azure Storage Access Keys, and internal configuration files.<\/p>\n<p class=\"wp-block-paragraph\">As proof of possession, \u201c888\u201d posted a screenshot that appears to show a private Azure DevOps repository hosted under an accenture.com domain, along with what appears to be a \u201cgit clone\u201d command pulling from an internal \u201cAtriasTalentAcademy\u201d repo listed as private with visibility restrictions.<\/p>\n<p class=\"wp-block-paragraph\">When contacted by CybersecurityNews, Accenture confirmed the incident but declined to validate the scope or specific data types cited by the attacker. A company spokesperson stated: \u201cWe are aware of this isolated matter, and we have remediated its source.<\/p>\n<p class=\"wp-block-paragraph\">There is no impact to Accenture operations and service delivery\u201d. The company has not disclosed whether production source code or client-facing credentials were part of the compromised material. Security researchers note that no independent forensic analysis or leaked data sample has yet been published to verify the full scope of the claims.<\/p>\n<p class=\"wp-block-paragraph\">This is not \u201c888\u201d\u2018s first alleged run at Accenture. In June 2024, the same actor tried to sell a dataset described as belonging to 32,826 current and former Accenture employees, claiming it stemmed from a third-party breach.<\/p>\n<p class=\"wp-block-paragraph\">Accenture publicly disputed that claim at the time, stating its own analysis found the leaked set contained \u201conly three names and Accenture email addresses\u201d and no other Accenture-related information.<\/p>\n<p class=\"wp-block-paragraph\">Separately, <a href=\"https:\/\/cybersecuritynews.com\/accenture-hacked-lockbit-2-0-ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener\">Accenture was hit by the LockBit<\/a> ransomware gang in August 2021, when attackers claimed to have stolen over 6TB of data and demanded a $50 million ransom.<\/p>\n<p class=\"wp-block-paragraph\">The mix of data types claimed in this latest incident is notable because Azure PATs, storage access keys, and SSH\/RSA keys, if genuine and unrotated, could allow further lateral access into cloud infrastructure or code repositories beyond the initial breach point.<\/p>\n<p class=\"wp-block-paragraph\">Source code exposure also raises concerns around potential hardcoded secrets or intellectual property leakage, though Accenture has stated there is no impact on operations or service delivery.<\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 87%,rgb(169,184,195) 100%)\"><strong>Stop Accepting SLAs Written for 2019 SOCs \u2013 Here\u2019s the 2026 AI SLA <strong>Vendor<\/strong> Checklist<\/strong> \u2013 <strong><a href=\"https:\/\/underdefense.com\/ai-soc-sla-in-2026-mttr-benchmarks-clause-tables-negotiation-checklist\/?utm_source=cybersecuritynews.com&amp;utm_medium=online_media&amp;utm_campaign=csn_linkedin_newsletter_aisoc_sla_july_2026\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Download Free <strong>AI SOC SLA <\/strong>Guide<\/a><\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/accenture-confirms-data-breach\/\">Accenture Confirms Data Breach \u2013 Hacker Claims Theft of Internal Source Code<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Guru Baran<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/accenture-confirms-data-breach\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Accenture Confirms Data Breach \u2013 Hacker Claims Theft of Internal Source Code IT services and consulting giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other sensitive data from the company. A threat actor operating under the alias \u201c888\u201d posted a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,156],"tags":[130],"class_list":["post-14172","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-data-breach","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14172"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=14172"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14172\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=14172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=14172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=14172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}