A cybercrime forum listing is claiming that consulting and technology giant Accenture suffered a data breach resulting in the alleged theft of approximately 35 GB of internal source code and cloud infrastructure data. The claims have not been independently verified.
According to the listing, the alleged archive contains source code, RSA private keys, SSH keys, Azure Personal Access Tokens (PATs), Azure Storage access keys, and configuration files. The seller describes the offering as a one-time sale but does not disclose how the alleged data was obtained.
Forum post claims access to private Azure DevOps repository
The forum listing includes a screenshot purporting to show access to a private Azure DevOps repository associated with an Accenture project. The screenshot appears to display repository metadata and a successful clone operation from what is claimed to be a private development environment.
BreachNews reviewed the screenshot but could not independently verify that the repository belongs to Accenture or confirm that any files allegedly offered for sale originated from the environment shown.
The seller also references an alleged archive size of just over 35 GB and claims it contains internal development assets rather than customer records.
Source code and cloud secrets reportedly included
According to the forum listing, the alleged dataset includes:
- Source code repositories
- RSA private keys
- SSH keys
- Azure Personal Access Tokens (PATs)
- Azure Storage access keys
- Configuration files
If authentic, exposure of source code together with cloud credentials could present a greater security risk than source code alone. Credentials and infrastructure secrets may provide attackers with insight into development environments, deployment pipelines, or cloud resources if they remain valid.
The forum post does not include technical details describing how the alleged compromise occurred or whether any credentials shown have since been revoked.
Authenticity of the listing is unclear
Accenture had not issued any public statement at time of publication regarding the alleged breach.
As with similar marketplace listings, the authenticity, scope, and origin of the claimed data remain unverified. Organizations frequently rotate credentials following suspected exposure, meaning the presence of access tokens or keys in an alleged dataset does not necessarily indicate ongoing access.
Why attackers pursue developer infrastructure
Source code repositories and cloud development environments continue to be frequent targets for cybercriminals because they can contain proprietary intellectual property, infrastructure configurations, authentication material, and deployment secrets. Access to developer platforms may also provide opportunities for supply chain attacks or further compromise of enterprise environments.
Recent BreachNews coverage involving alleged source code and developer environment exposures includes the alleged Darsa AI source code and cloud data leak, the alleged AstraZeneca source code and cloud credentials leak, and the alleged Radisys source code breach.
BreachNews will post an update if Accenture issues a public statement or if additional evidence emerges supporting or refuting the claims.












