

Target employees confirm leaked code after ‘accelerated’ Git lockdown
Published: 13 January 2026 at 13:08:25
Alert date: 13 January 2026 at 14:00:40
Source: bleepingcomputer.com
Data Breach & Exfiltration, Enterprise Applications, Supply Chain & Dependencies
Multiple current and former Target employees confirmed that leaked source code samples posted by a threat actor are authentic and match real internal systems. Following contact from BleepingComputer, Target implemented an accelerated lockdown of its Git server infrastructure, now requiring VPN access for all connections. This represents a significant security incident involving the exposure of proprietary retail system source code. The rapid response suggests the leak poses substantial operational and security risks to Target's infrastructure. The incident highlights vulnerabilities in code repository security at major retail organizations.
Technical details
Threat actors claim to have stolen and are selling Target's internal source code, publishing samples on the Gitea platform. The leaked data includes references to internal systems like 'BigRED' and 'TAP Provisioning', Hadoop datasets, a customized CI/CD platform based on Vela, JFrog Artifactory, and proprietary project codenames including 'blossom IDs'. Target's Enterprise Git server (git.target.com) was accessible over the web until the lockdown and now requires VPN/internal network access. The full dataset is claimed to be approximately 860GB, with a 14MB sample containing 5 partial repositories verified as authentic by employees.
Mitigation steps:
Restrict access to Enterprise Git servers to require VPN or internal network connection
Monitor for compromised employee workstations with infostealer malware
Implement additional authentication controls for internal development environments
Review access controls for employees with IAM, Confluence, Wiki, and Jira access
Conduct security assessment of CI/CD pipeline infrastructure
Monitor for unauthorized access to internal development systems
Affected products:
Target Enterprise Git server (git.target.com)
BigRED platform
TAP Provisioning system
Hadoop datasets
Vela CI/CD platform
JFrog Artifactory
Target IAM systems
Confluence
Jira
Related links:
https://www.bleepingcomputer.com/news/security/targets-dev-server-offline-after-hackers-claim-to-steal-source-code/
https://archive.md/u55rZ
https://archive.md/5r3WV
https://github.com/target
https://www.bleepingcomputer.com/news/security/oracle-links-clop-extortion-attacks-to-july-security-flaws/
https://www.bleepingcomputer.com/news/security/logitech-confirms-data-breach-after-clop-extortion-attack/
Related CVEs:
Related threat actors:
IOCs:
git.target.com - Target's internal Git server
Gitea platform hosting leaked code samples
Target employee workstation compromised by infostealer malware in late September 2025
This article was created with the assistance of AI technology by Perceptive.

