Skip to main content
LiMP VPN
All news

Accenture Confirms Breach: 35GB of Code and Keys Stolen

Accenture Confirms Breach: 35GB of Code and Keys Stolen

In short: In early July 2026, a threat actor known as '888' offered 35GB of allegedly stolen Accenture data for sale on a cybercrime forum — source code, RSA and SSH keys, Azure access tokens and internal configuration files. Accenture confirmed a security incident but called it isolated and already remediated, with no impact to operations. Leaked developer secrets like these can fuel downstream attacks, so the practical response is credential hygiene: rotate keys, enable MFA and reduce your exposure.

What happened

Around 6-7 July 2026, a seller using the handle '888' listed 35GB of data attributed to consulting giant Accenture on a cybercrime forum, priced as a one-time sale payable only in the Monero cryptocurrency. According to the listing, the trove included application source code, RSA and SSH keys, Azure Personal Access Tokens, Azure Storage access keys and internal configuration files.

To back the claim, the actor published a screenshot of a live git clone pulling from an Azure DevOps repository hosted under an accenture.com domain. This is the same category of stolen credential that drives the large password and secret leaks we have covered before — and it is exactly why basic account-protection habits matter for everyone, not just enterprises.

What Accenture said

Accenture confirmed to reporters that it was aware of an "isolated matter" and that the source had already been remediated, adding there was "no impact to Accenture operations and service delivery." The company did not disclose how the attacker got in, did not confirm the 35GB figure, and did not say whether any client environments were affected. Security researchers noted that '888' had reportedly targeted Accenture before, in a 2024 claim the company disputed at the time — this is the firm's third major extortion-style incident since the 2021 LockBit ransomware attack.

Why a source-code leak is dangerous

Stolen source code and cloud secrets are not just an embarrassment — they are working keys. Access tokens and SSH/RSA keys can let an intruder authenticate to cloud systems as a trusted service until those secrets are rotated. Source code can reveal hidden endpoints, hard-coded credentials and logic flaws that make follow-on attacks far easier. And when a supplier that serves thousands of large organizations is hit, the risk ripples outward to its clients and, ultimately, to the personal data those systems hold.

That is the real lesson for ordinary users: your data often lives inside vendors and contractors you never chose directly. A breach far up the supply chain can end weeks later as an exposure of your personal information — through phishing, credential stuffing or account takeover built on the leaked material.

How to protect yourself and your accounts

Rotate and scope your secrets. If you manage systems, treat any exposed token or key as compromised: revoke and reissue it, and give each credential the minimum access it needs so one leaked key cannot open everything.

Turn on multi-factor authentication. Even if a password or token leaks, phishing-resistant MFA blocks most account takeovers. Our guide on protecting an account from hacking covers the basics.

Watch for targeted phishing. After a vendor breach, expect convincing emails that reference real projects or names. Verify unusual requests through a second channel before you click or pay.

Encrypt your connection on untrusted networks. A VPN cannot undo someone else's breach, but on public or shared Wi-Fi it routes your traffic through an encrypted tunnel, so local attackers cannot intercept your logins or steer you to a fake page. LiMP VPN is a no-logs service for iOS and Android — see the features and plans, and more privacy news on our blog.

Sources

This report is based on breach confirmation reported by BleepingComputer and Help Net Security (8 July 2026), with additional detail from Cybernews.

Accenture Confirms Breach: 35GB of Code and Keys Stolen | LiMP VPN