Accenture confirms security incident after hacker claims theft of 35 GB of source code
Consulting giant Accenture confirmed an isolated security incident in early July 2026 after a threat actor using the handle '888' offered roughly 35 GB of allegedly stolen source code, keys and cloud credentials for sale on a cybercrime forum.
- Victim
- Accenture
On 8 July 2026, Accenture โ the Dublin-headquartered professional services and technology consulting giant with more than 750,000 employees worldwide โ confirmed it had experienced an isolated security incident after a threat actor began offering data allegedly stolen from the company for sale. The claim surfaced on 6 July 2026, when an actor using the handle "888" posted on the cybercrime forum PwnForums, advertising "just over 35gb of source codes" said to have been taken from Accenture.
According to the actor's listing, the trove included source code, RSA keys, SSH keys, Azure personal access tokens, Azure Storage access keys, and configuration files. As proof, "888" attached a screenshot said to show a private Azure DevOps repository hosted on an accenture.com-associated production URL. The actor put the data up for sale rather than issuing a ransom demand, a pattern consistent with the data-theft-extortion and access-brokering activity that has dominated the cybercrime economy through 2026.
Accenture's response
When contacted by reporters, an Accenture spokesperson said the company was "aware of this isolated matter" and that it had "remediated its source," adding that the incident had been contained and produced no operational or service-delivery impact. The company did not provide further specifics and did not confirm that data had been exfiltrated, leaving the scale and sensitivity of any stolen material unverified beyond the attacker's own claims.
Context
This is not the first time the "888" persona has surfaced in connection with Accenture. In June 2024, the same handle attempted to sell data purportedly belonging to 32,826 current and former Accenture employees, which the company said had been drawn from a third-party breach and, on inspection, contained only three names and Accenture email addresses. The recurrence underscores the persistent targeting of large consultancies, whose repositories can hold code, credentials and configuration data for a broad roster of blue-chip clients โ making even an "isolated" exposure of source code and cloud secrets a potential stepping stone to downstream compromise.
Timeline
A threat actor using the handle '888' posts on the cybercrime forum PwnForums, advertising roughly 35 GB of data allegedly stolen from Accenture for sale.
Accenture confirms it is aware of an isolated matter, says it remediated the source and reports no operational or service-delivery impact.
Sources
- helpnetsecurity.comhttps://www.helpnetsecurity.com/2026/07/08/accenture-data-breach-2026/
- securityweek.comhttps://www.securityweek.com/accenture-confirms-data-breach-after-hacker-claims-source-code-theft/
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/accenture-confirms-breach-after-hacker-offers-stolen-data-for-sale/
- cybernews.comhttps://cybernews.com/security/accenture-data-breach-source-code-leak/
- securityaffairs.comhttps://securityaffairs.com/194962/data-breach/a-hacker-claims-35-gb-of-accenture-source-code-the-company-discloses-the-data-breach.html