Target's dev server offline after hackers claim to steal source code

Is the idea that hackers can review the source for vulnerabilities?

I would imagine any internet-facing application would not have any issues with a source code "leak" like this, as all inter-app communication is based on short-lived credentials.