Last updated: July 8, 2026 at 4:54 AM UTC
All 573 Vulnerability 206 Breach 108 Threat 252 Defense 7
Tag: source-code (1 article)Clear

Accenture confirms breach as attacker offers source code and keys for sale

Accenture, one of the world's largest IT consulting firms, has confirmed a data breach after a threat actor advertised stolen data for sale on a hacking forum. The seller claims to have taken about 35GB of source code along with RSA keys, SSH keys, Azure access tokens and storage keys, and configuration files, and shared a screenshot appearing to show them cloning an internal Azure DevOps repository. Accenture confirmed the breach but did not comment on the amount or type of data involved. If the stolen keys and tokens are valid, they could give attackers a path into Accenture's development systems or cloud infrastructure.

Check
Organizations that work with Accenture or share infrastructure with vendors should watch for supplier notifications, and check how their own source code, keys, and cloud tokens are stored and rotated.
Affected
Accenture and, potentially, its clients; stolen source code, SSH and RSA keys, and Azure tokens could let attackers reach development systems or cloud infrastructure if the credentials are still valid.
Fix
Rotate any exposed keys and tokens, keep secrets out of source code and repositories, enforce short-lived credentials and least privilege for cloud and DevOps access, and monitor development systems for unauthorized use.