Target Corporation internal source code and developer documentation leak claim
Data Leak
Summary
Hide ▲
Show ▼
Target Corporation is facing an internal source code and documentation leak claim centered on sample repositories posted to Gitea and a larger archive reportedly being offered for sale. Multiple current and former employees told BleepingComputer the leaked material matches real internal systems, including BigRED, TAP [Provisioning], and tooling around a customized Vela-based CI/CD platform, while git.target.com was later locked down to require a Target-managed network or VPN. The full dataset is still unverified, but the alleged ~860GB size, the authentic-looking sample, and the reported late September 2025 infostealer infection keep the disclosure significant.
Related Happenings
GitHub data exposed after GitHub breach
Data Leak
First: 20.05.2026 11:14
Last: 20.05.2026 11:14
Sources 1
About this happening:
GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub data exposed after GitHub breach
Data LeakAbout this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...
GitHub internal repositories private-code leak claim
Data Leak
First: 20.05.2026 08:08
Last: 20.05.2026 08:08
Sources 1
About this happening:
GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
GitHub internal repositories private-code leak claim
Data LeakAbout this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...
Latest development: 21.05.2026 17:45
A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.
GitHub hit by network compromise
Incident
First: 20.05.2026 07:01
Last: 20.05.2026 07:01
Sources 1
About this happening:
GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...
GitHub hit by network compromise
IncidentAbout this happening: GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...
Latest development: 20.05.2026 13:45
GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.
Victim organization's AWS environment hit by data theft breach
Incident
First: 11.03.2026 09:31
Last: 11.03.2026 09:31
Sources 1
About this happening:
**UNC6426** breached a victim organization's **AWS environment** and escalated to **administrator access** in **less than 72 hours**, creating immediate risk of **data theft** and...
Victim organization's AWS environment hit by data theft breach
IncidentAbout this happening: **UNC6426** breached a victim organization's **AWS environment** and escalated to **administrator access** in **less than 72 hours**, creating immediate risk of **data theft** and...
GitHub Codespaces malicious repository or pull request RCE remote code execution flaw
Vulnerability
First: 05.02.2026 16:30
Last: 05.02.2026 16:30
Sources 1
About this happening:
**GitHub Codespaces** vulnerability **RoguePilot** can let an attacker abuse **GitHub Copilot** by planting hidden instructions in a **GitHub issue**, then opening a Codespace fro...
GitHub Codespaces malicious repository or pull request RCE remote code execution flaw
VulnerabilityAbout this happening: **GitHub Codespaces** vulnerability **RoguePilot** can let an attacker abuse **GitHub Copilot** by planting hidden instructions in a **GitHub issue**, then opening a Codespace fro...
Timeline
-
13.01.2026 15:08 1 articles · 4mo ago
Target restricts git.target.com access to internal network or VPN
Mitigation Patch UpdateEffective January 9, 2026, Target accelerated a security change so access to git.target.com, Target's on-prem GitHub Enterprise Server used for internal development, now requires a Target-managed network either on-site or via VPN. The server was no longer reachable from the public internet.
Show sources
- Target employees confirm leaked code after ‘accelerated’ Git lockdown — www.bleepingcomputer.com — 13.01.2026 15:08
-
12.01.2026 19:52 3 articles · 4mo ago
Target Corporation internal source code and developer documentation leak claim
Initial DisclosureAn unknown actor posted sample **Gitea** repositories that appeared to contain **Target** source code and internal documentation, then tied the preview to a larger dataset allegedly for sale. The first-stage disclosure was a public sample paired with an auction-style sales pitch.
Show sources
- Target's dev server offline after hackers claim to steal source code — www.bleepingcomputer.com — 12.01.2026 19:52
- Target's dev server offline after hackers claim to steal source code — www.bleepingcomputer.com — 12.01.2026 19:52
- Target employees confirm leaked source code is authentic — www.bleepingcomputer.com — 13.01.2026 15:08