A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach

Wait 5 sec.

Accenture confirmed a breach after a hacker claimed to steal 35 GB of source code, keys, and Azure credentials now offered for sale.A threat actor using the handle “888” claimed on the cybercrime forum PwnForums this week to have stolen 35 gigabytes of data from Accenture in July and offered it for sale. Accenture has confirmed a security incident after a threat actor listed 35GB of allegedly stolen source code and cloud secrets for sale. Accenture says it has remediated the source with no operational impact, but has not confirmed scope, exfiltration, or client-data… pic.twitter.com/8bBVvqmpXl— International Cyber Digest (@IntCyberDigest) July 8, 2026“Today I am selling the Accenture Data Breach, thanks for reading and enjoy!” reads the post published by the threat actor.The company confirmed the breach; its statement was brief and didn’t address most of the specific claims.“We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery,” an Accenture spokesperson told the media. The professional services and consulting giant did not provide details about the incident. How the attacker got in, what exactly was taken, and whether any client data was involved remain unanswered.The data allegedly includes source code, RSA keys, SSH keys, Azure personal access tokens, Azure Storage access keys, and configuration files. The threat actor shared a screenshot that appears to show the cloning of an Azure DevOps repository named “121123_AtriasTalentAcademy”, hosted on a partially redacted accenture.com domain. The real danger isn’t the headline number: SSH and Azure keys can silently authenticate into client environments, config files map production architectures, and source code reveals how client systems were built. Together, they hand attackers a ready-made blueprint. The consulting firm says operations are unaffected but hasn’t confirmed whether client environments were exposed.The same threat actor, “888,” previously tried to sell Accenture employee data in 2024 following a third-party breach. In 2021, the LockBit ransomware gang hit Accenture and stole data from its systems. Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, data breach)