TL;DR
Threat actors claim to have exfiltrated 860GB of Target's internal source code and are offering it for sale; Target took git.target.com offline after verification.
Key Points
- 860GB dataset allegedly stolen from Target's internal Git infrastructure, including wallet services and payment systems
- Threat actor published sample repositories on Gitea containing commit metadata referencing internal Target servers and senior engineers
- Target's git.target.com dev server became inaccessible from the internet after BleepingComputer's disclosure
- Multiple Target employees confirmed authenticity of leaked code samples and internal security announcements
Why It Matters
This incident highlights critical risks in enterprise Git infrastructure security and supply chain exposure. For developers and DevOps teams, it underscores the importance of access controls, network segmentation, and monitoring for internal development environments—especially those containing payment systems and sensitive business logic.
Source: www.bleepingcomputer.com