Hackers Claim to Be Selling Target Source Code Following Alleged Cyberattack

Hackers are claiming to have stolen and are now selling a massive trove of internal source code belonging to U.S. retail giant Target, following what appears to be a recent cyberattack. The alleged dataset is said to total approximately 860GB and includes sensitive internal systems and documentation, though the authenticity of the claims has not yet been independently verified.

The claims emerged after a previously unknown threat actor posted on an underground hacking forum, advertising the sale of what they described as Target’s internal source code. The individual suggested this was only the first dataset to be offered, hinting that additional material could follow.

Massive Dataset Allegedly Exposed

To bolster their claims, the hackers created multiple repositories on Gitea, a self-hosted Git service, and uploaded a limited sample of the allegedly stolen data. The repositories—collectively referencing around 860GB of material—appeared to contain internal source code, configuration files, and developer documentation.

Repository names pointed to a range of internal Target systems, including digital wallet services, identity and authentication tools, store networking software, secrets documentation, and gift card infrastructure. Each repository included a SALE.MD file outlining tens of thousands of files and directories purportedly included in the full archive. One index reportedly exceeded 57,000 lines.

Further raising concerns, commit metadata and documentation within the repositories referenced internal Target development servers and URLs such as confluence.target.com, as well as the names of current Target lead and senior engineers.

Swift Takedown and Server Lockdown

After the repositories were discovered, cybersecurity outlet BleepingComputer notified Target of the findings. Shortly afterward, the Gitea repositories were taken offline. Around the same time, Target reportedly locked down its internal Git server, which had been accessible from the internet.

BleepingComputer also noted that search engines had previously indexed and cached some content from git.target.com, suggesting that portions of the allegedly stolen data may have been publicly accessible at some point. However, it remains unclear when this exposure may have occurred or whether it was the result of misconfiguration.

Breach Still Unconfirmed

As of now, the authenticity of the hackers’ claims has not been confirmed, and Target has not issued a public statement regarding the incident. Still, security researchers note that the company’s rapid response in removing repositories and restricting server access suggests the matter is being treated seriously.

If verified, the exposure of internal source code and documentation could pose long-term security risks, potentially aiding future attacks against Target’s systems or services. The situation remains under investigation, and further details are expected to emerge as analysis continues.