Overview
- Multiple current and former employees told BleepingComputer the posted samples match real internal systems, citing platform names, project codenames, and internal URLs.
- An internal Slack message shows an accelerated change effective January 9 requiring VPN or on-site network for git.target.com, which is no longer reachable from the public internet.
- Repositories hosting sample code on Gitea were taken down after Target was contacted, and BleepingComputer observed the links returning 404 errors.
- The actor claims a dataset of roughly 860GB, while reporters reviewed only about 14MB across partial repositories, leaving the full scope and sensitivity unclear.
- Security researcher Alon Gal reported a Target employee workstation infected by infostealer malware in late September 2025 with broad internal access, though no link to the code sale has been confirmed.