Alleged Breach Details
A threat actor who goes by the alias “888” has listed data for sale on a cybercrime forum, claiming it was stolen from Accenture. The actor alleges the stolen material totals roughly 35 GB and includes source code, RSA keys, SSH keys, Azure Personal Access Tokens (PATs), Azure Storage Access Keys, and configuration files. The listing was posted on July 6, 2026, and the actor claims the breach occurred earlier in the same month.
Evidence and Response
To support the claim, the actor shared a sample screenshot that appears to show command-line output from Azure DevOps, including a curl request and a git clone operation against a private repository. The sample references a repository named “121123_AtriasTalentAcademy” hosted under a redacted Accenture production URL. Accenture has confirmed a breach but has not verified the specific data types or volume claimed. The company stated, “We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery.” The actor is asking for payment in Monero (XMR), with no price publicly disclosed. Security teams are advised to treat the claims as unconfirmed until further evidence surfaces, though organizations using Azure DevOps should review PAT rotation policies and audit repository access logs as a precaution.
Source: Cyber Security News
