The threat actor, 888, made the claims on an infamous hacking forum saying that Accenture suffered a data breach this month, through which 35 gigabytes of data was stolen.
"Today I am selling the Accenture Data Breach, thanks for reading and enjoy!," they wrote.
888 claimed to have stolen source codes, RSA keys, SSH keys, Azure PAT, Azure Storage access keys and configuration files.
To support their claims, 888 posted a screenshot that seems to show that they cloned an Azure DEvOps repository titled “121123_AtriasTalentAcademy,” which was hosted under a censored accenture.com hostname.
Speaking with BleepingComputer, Accenture commented on the incident, but said it had addressed the issue and that operations were not impacted.
"We are aware of this isolated matter, and we have remediated its source. There is no impact to Accenture operations and service delivery," Accenture said.
Accenture rival also hacked?
A seperate threat actor has also claimed to have leaked the GitHub credentials of Deloitte, another major consulting firm, with the data specifically pertaining to its consulting division.
According to the listing, the data includes GitHub credentials and a link to a private repository that holds the hidden content behind a login through the forum the claim was posted on.
The threat actor, who goes by the name 'grave', claimed that the data was source code and credential exposure rather than customer data.
Speaking with Cyber Daily, Deloitte said that no client data or its own was impacted, but that it was aware of the incident claims, which it said occurred in May.
“We are aware of a repost concerning a previously known incident from May 2025. The credentials referenced were outdated at the time and remain unusable. No Deloitte or client data was impacted.”
888 has allegedly breached Accenture before
This marks the second time that 888 claimed a cyber attack on Accenture, having done so in June 2024, claiming to have stolen the data of over 322,000 current and former employees.
“In June 2024, Accenture suffered a data breach from a third party that exposed 32,826 employees/former employees,” wrote 888.
The data reportedly includes full names, email addresses, and “broadcast dates.”
As is often standard practice on BreachForums, 888 posted a sample of the data, all of which have the same broadcast date.
Who is 888?
This is a developing story. Cyber Daily will provide updates as more becomes known.
888 is a prolific leaker and well-known user of BreachForums, having claimed responsibility for a number of high-profile cyber attacks in the past.
In January this year, 888 claimed a cyber attack on the European Space Agency, allegedly having stolen 200 gigabytes of data.
“I’ve been connecting to some of their services for about a week now and have stolen over 200 GB of data. Including dumping all their privagte Bitbucket repositories as well,” the hacker said, adding that data included API tokens, source code, access tokens, config files, terraform files, sql files, confidential documents, hard coded credentials, CI/CD pipelines “and more”.
In response to the incident, ESA issued a statement saying it had begun an investigation into the incident and that the servers accessed were external.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.