Internal source code and documentation from Target Corporation exposed by a threat actor on the public software development platform Gitea were confirmed to be legitimate by current and former employees of the major U.S. retail firm, Bleeping Computer reports.Hadoop datasets and other technology stack elements revealed by the leaked data sample, including tooling for a customized Vela-based CI/CD platform and JFrog Artifactory, were noted by a current and former worker to be consistent with internal systems leveraged by Target, while another former employee disclosed the use of the exposed internal system names for the company's on-premise and cloud app deployment and orchestration tools.Such an internal development environment compromise has prompted immediate access changes to Target's on-premises GitHub Enterprise Server, according to a current employee. While more information regarding the incident remains scant, Target was noted by Hudson Rock co-founder and Chief Technology Officer Alon Gal to have had its internal services compromised following an infostealer attack against an employee workstation in September."It's especially relevant because, despite tens of infected Target employees we've seen, almost none had IAM credentials and none had wiki access, except for one other case," Gal added.
Data Security
Exposed Target source code legitimate, employees say

(Photo by Scott Olson/Getty Images)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



