Accenture confirms breach after hacker offers stolen source code for sale
Key takeaways
- A hacker known as "888" claims to have stolen 35GB of Accenture data on 6 July, including source code and access keys
- Accenture confirmed the intrusion and says it identified and remediated the source
- Stolen SSH keys and Azure Personal Access Tokens matter more than the code itself if they were still live
- Clients of Accenture's consulting services should confirm any shared credentials have been rotated
A hacker going by "888" put roughly 35GB of alleged Accenture data up for sale on 6 July, including source code, RSA keys, SSH keys, and Azure Personal Access Tokens. Accenture has confirmed it identified the source of the intrusion and remediated it.
The company's public statement says the incident had "no impact on its financial position or operations." That's the sort of line companies reach for after almost every breach, and it may well be true for Accenture's own bottom line. It says nothing about the clients whose access keys and code might now be circulating.
Why access keys matter more than the headline number
A source code leak sounds bad but is often manageable, code gets patched and rotated. Access tokens and SSH keys are a different problem: if any of those were live at the time of theft and haven't been revoked, they're a working set of house keys for whatever systems they unlock. Consulting firms like Accenture sit inside a huge number of client environments, which is exactly why an intrusion here has ripple effects well beyond one company's own network.
Why this matters: if your organisation uses Accenture for IT consulting, cloud migration, or managed services, ask your security team whether any shared credentials, API keys, or access tokens tied to the Accenture relationship have been rotated since 6 July. Don't wait for Accenture to tell you, ask.
Accenture hasn't published a full technical breakdown of what was accessed versus what was merely claimed. Until it does, treat the hacker's claims as plausible but unverified in scope, while treating the confirmed intrusion itself as real.
Future Technology