IT services giant Accenture has confirmed it suffered a security breach after a threat actor using the handle “888” claimed to have stolen 35 gigabytes of source code and sensitive internal data. The hacker posted the stolen data for sale on a cybercrime forum on July 6, 2026.

What Data Was Stolen
According to the threat actor’s forum post, the stolen data includes source code, RSA keys, SSH keys, Azure Personal Access Tokens (PATs), Azure Storage access keys, and configuration files. To back up the claims, the hacker shared a screenshot showing them cloning an Azure DevOps repository named “121123_AtriasTalentAcademy” hosted under a redacted accenture.com hostname.
“Today I am selling the Accenture Data Breach, thanks for reading and enjoy!” reads the forum post dated July 6, 2026.
Accenture’s Response
Accenture told BleepingComputer: “We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery.” The company did not comment on the specific amount or type of data that may have been accessed or exfiltrated.
Accenture also did not disclose how attackers gained access to the systems or whether any customer data was affected. BleepingComputer could not independently verify the full scope of the data being sold.
The “888” Threat Actor Has History with Accenture
This is not the first time the same threat actor has targeted Accenture. The “888” handle previously attempted to sell Accenture employee data following a third-party breach in 2024. Accenture also suffered a separate data breach in 2021 when the LockBit ransomware gang gained access to its systems.
The repeated targeting of Accenture highlights the ongoing security challenges facing large IT consulting firms that handle sensitive data across multiple enterprise clients. When an organization like Accenture gets breached, the downstream impact can affect thousands of companies that rely on its services.
Implications for Enterprise Security
Stolen RSA and SSH keys give attackers the ability to impersonate authenticated users and servers. Azure PATs and Storage access keys could grant access to cloud-hosted codebases and data repositories. Configuration files often contain credentials, API endpoints, and internal architecture details that make further attacks easier.
CISOs managing organizations that use Accenture’s services should review whether any shared credentials or access tokens were potentially exposed. The presence of Azure DevOps repository access in the breach suggests the attacker may have had deep access to development infrastructure.
Frequently Asked Questions
What data was stolen in the Accenture breach?
The threat actor claims to have stolen 35GB of data including source code, RSA keys, SSH keys, Azure Personal Access Tokens, Azure Storage access keys, and configuration files from Accenture’s systems.
How did the attacker get access to Accenture’s systems?
Accenture did not disclose the attack vector. The company only stated it has “remediated its source” and that there is no impact to operations or service delivery.
Is Accenture customer data affected?
Accenture did not confirm whether customer data was compromised. The company stated the matter is isolated but provided no specifics about the scope of data exposure.
Has Accenture been breached before?
Yes. The same threat actor sold Accenture employee data after a 2024 third-party breach. Accenture also suffered a LockBit ransomware attack in 2021 that resulted in stolen data.
