Hackers claim to have Target source code for sale following recent cyberattack

News
By published

A database of almost 900GB was allegedly taken from Target systems

Target store checkout line and logo
(Image credit: Shuang Li / Shutterstock)
  • Unknown hackers claim to be selling 860GB of Target internal source code and documentation
  • Data allegedly includes wallet services, identity tools, gift card systems, and developer metadata
  • Target locked down servers and removed repositories; breach authenticity still unverified

Hackers are apparently selling internal source code stolen from American retail giant Target.

A previously unknown threat actor posted in an underground hacking community to claim they were selling Target’s data, and that this was the first of many datasets to go on auction.

To support their claim, the poster created multiple repositories on Gitea, a self-hosted Git platform, and uploaded a small sample of the data.

Data for sale

The repositories, totaling around 860 GB in size, appeared to contain internal Target source code, configuration files, and developer documentation, while repository names were referencing internal systems such as wallet services, identity management, store networking tools, secrets documentation, and gift card systems.

Each repository included a SALE.MD file listing tens of thousands of files and directories allegedly included in the full dataset. The index exceeded 57,000 lines and advertised a total archive size of roughly 860 GB.

Furthermore, commit metadata and documentation inside the repositories referenced internal Target development servers, internal URLs such as confluence.target.com, and named current Target lead and senior engineers.

Soon after news broke, BleepingComputer notified Target about the incident, and quickly after that - the Gitea repositories were taken offline. Around the same time, Target’s internal Git server (which was accessible from the internet) was locked down.

BleepingComputer also said search engines previously indexed and cached some content from git.target.com, hinting that some of the stolen data may have been publicly accessible at some point. However, it was unable to determine when, or under what configuration.

At this moment, the authenticity of the criminals’ claims cannot be verified, and Target is yet to comment, but since the company obviously moved to take down the Gitea repositories, it is safe to assume that the breach is quite serious.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.