A hacker is trying to sell what they claim is 35GB of Accenture data, including source code, cloud keys, and access tokens.
Accenture told BleepingComputer it was aware of an “isolated matter,” had remediated the source, and saw no impact on operations or service delivery. The company has not confirmed the volume of data taken, whether the listed files are authentic, or whether any credentials were active.
That gap matters because source code and cloud credentials can carry a different kind of risk than a typical data dump. If valid, they could help attackers study internal systems, map connections, or attempt access to development and cloud environments.
Hacker’s sale post
Threat actor 888 posted the Accenture data for sale on a cybercrime forum in early July. The forum text claimed the company suffered a breach that resulted in “just over 35GB” of source code being stolen.
Files named in the listing include:
- Source code
- RSA keys
- SSH keys
- Azure personal access tokens
- Azure Storage access keys
- Configuration files
Screenshots were offered as proof. One image appeared to show an Azure DevOps repository named 121123_AtriasTalentAcademy being cloned from a redacted Accenture-hosted address.
While a screenshot can support a claim of repository access, it does not prove the listed volume or verify every file type in the post.
Accenture’s unanswered questions
Accenture has not publicly confirmed the volume of data taken, whether the source code and cloud keys are authentic, or whether any credentials were active.
Company officials also have not disclosed how access was gained or whether customer data was involved. Without those details, the confirmed incident remains narrower than the hacker’s listing.
Without more concrete details about the breach, the risk remains difficult to size.
Must-read security coverage
- UK Police Convicts Pair in £5.5 Billion Bitcoin Launder Case
- Blackpoint Cyber vs. Arctic Wolf: Which MDR Solution is Right for You?
- How GitHub Is Securing the Software Supply Chain
- 8 Best Enterprise Password Managers
Cloud risk behind the breach claim
A stolen list of names and email addresses can lead to phishing or identity fraud. Source code and cloud keys, however, raise a different concern. These can serve as a map of how a company’s software is put together and, in some cases, as badges that open doors to online systems.
Source code can reveal how an internal tool works. Configuration files can show which services connect. Cloud tokens and storage keys, if still valid, may help an intruder reach online storage or development tools without having to break in again.
Many companies now build and run software through cloud platforms. When code repositories are exposed, the risk is not limited to the code itself. Stored credentials, setup details, and connection information can give attackers clues for a second step.
In a case involving source code and cloud keys, security teams would usually look for signs that someone copied code, used unfamiliar logins, or changed build and deployment settings. Exposed keys would need to be replaced quickly, much like changing locks after a lost master key.
For a company of Accenture’s scale, source code and cloud keys would be a more serious exposure than an ordinary data dump. If the seller’s claims prove accurate, the concern would be whether those files reveal enough for attackers to study internal systems or test access to cloud tools.
Also read: A new Azure CLI attack highlights a dangerous blind spot in Microsoft 365 Conditional Access policies.