Target Employees Verify Authenticity of Leaked Source Code
Recent reports have emerged confirming that leaked source code from Target has been verified as authentic by multiple current and former employees. This discovery highlights serious security concerns regarding internal systems at the retail giant.
Leaked Source Code Verification by Target Employees
Employees have confirmed the authenticity of the leaked materials, which were first reported by BleepingComputer. The source code and related documentation were discovered on Gitea, a public platform for software development.
A former Target employee identified internal system names in the leaked data, such as “BigRED” and “TAP [Provisioning],” as components used for cloud and on-premise application management. Additionally, references to technology stacks, including Hadoop datasets, align with Target’s internal operations.
Details of the Security Change
Following the leak, Target implemented an “accelerated” security change. An internal message indicated that effective January 9th, 2026, employees would require a Target-managed network to access git.target.com, the company’s internal GitHub Enterprise Server. This new measure reflects a significant shift in how Target handles security for its proprietary source code.
Understanding the Scope of the Incident
- Data Access: Prior to the changes, git.target.com was accessible from the web, requiring user authentication.
- Current Access: Now, access is restricted to internal networks or VPNs, fortifying protection against external threats.
- Size of Data Leak: The leaked dataset allegedly consists of approximately 860GB, although only a 14MB sample has been reviewed thus far.
Investigation into the Data Breach
Investigators are probing how this sensitive data was leaked. Initial findings suggest a Target employee’s workstation was compromised by infostealer malware in late September 2025. This workstation had significant access to internal systems, raising concerns about potential insider involvement.
Alon Gal, CTO at Hudson Rock, has highlighted that malware-infected devices have accessed critical company resources. The intricate details and nature of the compromised data echo previous incidents, where threat actors delayed monetizing stolen information.
Next Steps for Target
While the full impact of this breach remains uncertain, questions abound regarding the extent of the leak and its implications for Target’s data security strategy. The company has yet to respond to inquiries about an official investigation into this developing situation.
For those with pertinent information on this incident, Target encourages confidential reporting through its platforms. This unfolding event underscores the ongoing challenges organizations face in protecting sensitive internal data.
The post Target Employees Verify Authenticity of Leaked Source Code appeared first on CDN3 - Filmogaz.
