Late last night, January 27th 2019, a French based hacker belonging to the New World Hackers group going by the name of “Mizaru” announced a data dump of Vermont’s Department of Financial Regulation. The leak itself is too big to possibly explain in a couple of brief sentences here, but what I can report on is that approximately 41.48 Megabytes (MB) of data comprising of PHP Version: 5.6.15 files hosted on a 10.1.9-MariaDB database were hacked/leaked online, and that the departments servers were hacked via SQL vulnerabilities tied to URL’s addresses attached to the website back-end.
Included in the leak is information tied to various banks affiliated with the Government of Vermont, including their unique ID’s, code numbers, license numbers, issuance date, company name, trade name and addresses. The leaked data also includes access to state registration files, along with the hashed passwords necessary to access them, as well as full copies of internal memos, emails, documentation and much more. Honestly, the leak is so big that it’s almost impossible to summarize all at once here, so you are just going to have to browse through the leak for yourself this time.