A threat actor has allegedly leaked the entire source code of a website belonging to Santa Fe County, a county located in the U.S. state of New Mexico. The targeted website, lodgers[.]santafecountynm[.]gov, appears to be related to the county’s lodger’s tax services, which are taxes on short-term rentals and accommodations. The leak exposes the internal workings of the government web application, potentially creating significant security risks for the county and its users.
The data was posted on a dark web forum and includes a comprehensive set of files that make up the website. The exposure of the complete source code could allow malicious actors to analyze it for vulnerabilities, which could then be exploited to gain unauthorized access to the county’s systems, compromise data, or disrupt services. The leak’s contents allegedly include critical components of the web application.
Among the leaked data are:
- Application and system source code files
- Website configuration files and controllers
- Database models and libraries
- A MySQL database dump file named
cmspence_mysql.sql - Admin activity logs
- Credentials
