20260112-bleepingcomputer.com-a6fae

< Back to index

Target's dev server offline after hackers claim to steal source code

Published:

12 January 2026 at 17:52:10

Alert date:

12 January 2026 at 18:02:27

Source:

bleepingcomputer.com

Data Breach & Exfiltration, Enterprise Applications

Hackers are claiming to sell internal source code belonging to Target Corporation after publishing what appears to be stolen code repositories on a public software development platform. Following notification from BleepingComputer, the files were taken offline and Target's developer Git server became inaccessible. This represents a significant data breach involving proprietary source code that could expose internal systems and security mechanisms.

Technical details

Unknown threat actors allegedly gained access to Target's internal development environment and stole approximately 860 GB of source code and developer documentation. The attackers published sample repositories on Gitea containing portions of Target's internal code including wallet services, identity management APIs, store labs tools, secrets documentation, and gift card services. The repositories contained SALE.MD files with over 57,000 lines listing tens of thousands of files and directories. Commit metadata referenced internal Target development servers and current Target engineers. Target's Git server at git.target.com became inaccessible after BleepingComputer contacted the company about the alleged breach.

Mitigation steps:

Target took the Git server offline and requested takedown of the repositories containing the alleged stolen code. Organizations should monitor for exposure of internal development servers, implement proper access controls for development environments, and ensure Git servers are not publicly accessible without authentication.

Affected products:

Target Corporation internal development environment
Target Git server (git.target.com)
Target wallet services
Target identity management systems
Target gift card services