Accenture has confirmed a cyberattack after a threat actor began advertising stolen data for sale on an underground forum.
A hacker going by "888" posted a forum thread claiming to sell roughly 35GB of material taken from Accenture's Azure DevOps repositories in July 2026. The alleged haul includes source code, RSA and SSH keys, Azure Personal Access Tokens, storage access keys, and configuration files. Accenture confirmed the incident but said it was "isolated," that the breach has been remediated, and that there is no operational impact — without disclosing what was actually taken, how the attacker got in, or how much data left the building.
The details Accenture chose not to share matter more than the ones it did. Keys and tokens are particularly sensitive because they can grant persistent access to cloud infrastructure long after the initial intrusion is closed. If the credentials were valid at the time of exfiltration and not immediately rotated, the remediation claim deserves scrutiny.
This is not Accenture's first rodeo. The same actor, 888, attempted to sell Accenture employee data following a third-party breach in 2024, and in 2021 LockBit hit the firm with a ransomware attack and stole data then too. A consulting giant that counts governments and major enterprises among its clients accumulating a breach history like this is, at minimum, a talking point for every competitor's sales team.