Multiple current and former Target employees have reached out to BleepingComputer to confirm that the source code and documentation shared by a threat actor online match real internal systems.
A current employee also shared internal communications announcing an "accelerated" security change that restricted access to Target's Enterprise Git server, rolled out a day after BleepingComputer first contacted the company about the alleged leak.
Employees verify authenticity of leaked materials
Yesterday, BleepingComputer exclusively reported that hackers are claiming to be selling Target's internal source code after publishing what appears to be a sample of stolen repositories on Gitea, a public software development platform.
Since then, multiple sources with direct knowledge of Target's internal CI/CD pipelines and infrastructure have reached out with information corroborating the authenticity of the leaked data.
A former Target employee confirmed that internal system names seen in the sample, such as "BigRED" and "TAP [Provisioning]," correspond to real platforms used at the company for cloud and on-premise application deployment and orchestration.
Both a current and the former Target employee also confirmed that elements of the technology stack, including Hadoop datasets, referenced in the leaked sample align with systems used internally.
This includes tooling built around a customized CI/CD platform based on Vela—a fact Target has also previously mentioned publicly, as well as the use of supply-chain infrastructure such as JFrog Artifactory, as also evident from third-party business intel.
The employees also independently referenced proprietary project codenames and taxonomy identifiers, such as those known internally as "blossom IDs," that appear in the leaked dataset.
The presence of these system references, project names, and matching URLs in the sample further supports that the material reflects a real internal development environment rather than fabricated or generic code.
... continue reading