A hacker has managed to gain access to the database server of the official career website of Bangladesh Air Force and leaked the accounts' login credentials.
"Joinbangladeshairforce.mil.bd", serves as a portal for applying for Air Force, is reportedly breached by the hacker using the online name @1923Turkz. The SQL injection vulnerability in the website gave him the opportunity to break in.
The database breach was announced in his twitter account along with the link to the accounts leak.
The leak include login credentials of 19 accounts that contains the email addresses that ends with 'army.mil.bd' and encrypted passwords.
Although the passwords are encrypted , it won't take much time for someone to crack the hash. We have analyzed the leaked passwords and found most of the passwords are very weak passwords.
A simple google search reveals the decrypted passwords. We just like to point out one of the worst password used : "password". We recommend the Bangaldesh government to immediately fix the vulnerability and urge users to change their password.