Deloitte Data Breach: Alleged Leak of Source Code & GitHub Credentials by Threat Actor "303"

Deloitte is once again under the cybersecurity spotlight following claims by a hacker using the alias “303” of a significant internal breach. According to cybersecurity intelligence sources, the threat actor reportedly posted on a well-known dark web forum, claiming to have accessed and leaked sensitive development resources from Deloitte’s U.S. consulting division.

The alleged leak includes GitHub credentials and source code from proprietary internal project repositories, potentially exposing Deloitte’s internal development infrastructure to unauthorized access.

This comes amid a series of cybersecurity incidents tied to the consulting giant. In December 2024, the Brain Cipher ransomware group claimed responsibility for a separate breach—one that Deloitte denied, stating the compromised data originated from a client system outside of its network. The company emphasized at the time: “No Deloitte systems have been impacted.”

However, Deloitte's history of exposed credentials and source code traces back even further. In 2017, researchers discovered corporate VPN login details and other sensitive configurations publicly available on GitHub—raising concerns about long-standing weaknesses in securing internal tools and repositories.

The hacker known as “303” has been previously linked to other high-profile breaches, including an attack on an Indian software provider affecting major insurance firms, suggesting a wider campaign targeting large enterprises and government-linked systems.

As of now, Deloitte has not issued a public statement addressing this latest incident. Investigations are reportedly ongoing.