Data Security

Accenture confirms security incident after hacker claims source code theft

Plain code with the word "cyberattack" in red.

As detailed in Security Affairs, Accenture has confirmed a security incident following claims by a threat actor who stated they stole 35 gigabytes of sensitive data, including source code and cloud credentials.

A threat actor, identified as "888," posted on a cybercrime forum offering the data for sale, alleging it was stolen in July. The data reportedly includes source code, RSA keys, SSH keys, and Azure credentials. Accenture acknowledged the breach, stating the source has been remediated with no impact on operations. However, the company has not confirmed the full scope of the incident, including whether client data was exfiltrated.

The stolen information could provide attackers with a blueprint to access client environments, as configuration files map production architectures and keys allow for silent authentication. This is not the first security incident for Accenture; the LockBit ransomware gang targeted the company in 2021, and the same threat actor "888" previously attempted to sell Accenture employee data.

Source: Security Affairs

You can skip this ad in 5 seconds