Deloitte Data Breach: Supposed Source Code and GitHub Credential Leak
Deloitte Data Breach: Supposed Source Code and GitHub Credential Leak
On a dark web forum, a threat actor going by the moniker “303” purportedly claimed to have compromised Deloitte’s systems and released private internal information.
Source code and GitHub credentials from internal project repositories of Deloitte’s U.S. consulting division are purportedly involved in the purported hack.
The threat actor reportedly shared information about the purported hack on a popular dark web forum, claiming to have gained access to and exfiltrated vital development resources, according to reports from cybersecurity monitoring firms.
According to reports, the compromised information includes source code from proprietary projects, as well as GitHub login credentials that would enable unauthorized access to Deloitte’s internal development infrastructure.
Deloitte’s longstanding cybersecurity difficulties are exacerbated by this most recent attack. Deloitte denied that any compromised data came from “a single client’s system, which sits outside of the Deloitte network,” despite the consulting business being the target of several breach allegations in recent months, including one from the Brain Cipher ransomware gang in December 2024. “No Deloitte systems have been impacted” during that event, the business stressed.
Nonetheless, Deloitte has a lengthy history of credential leaks. Security researchers found in 2017 that a publicly accessible GitHub repository contained Deloitte’s corporate VPN identities, passwords, and operational information.
Previous cybersecurity events, including an alleged December 2024 breach of an Indian software company that impacted major insurance providers, have been connected to the threat actor known by the codename “303.” This trend raises the possibility that the threat actor is a component of a larger campaign that targets big businesses and governmental organizations.
The consulting giant has not promptly responded to requests for comment or explanation about the recently revealed charges as more information becomes available and the investigations continue.
About the Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
Read More:
How Google Calendar Was Hacked by Chinese Cybercriminals for Espionage?
About Author
English