The Bangladeshi Air force Recruitment (https://www.joinbangladeshairforce.mil.bd) has been in our headlines before, but for the wrong reasons as the then leak was proven as fake. How ever i have been alerted to a leak that was posted to pastebin on Jun 3rd 2013 that comes from its servers and this time it appears to be in fact a real breach with real data from its database. Just a little over two weeks ago a since proven fake hacker named 1923turkz had claimed an attack on this site but it was since proven as false. A different hacker using the handle @EvilDzh4x0r has come out with a leak of data from the sites database which contains a heap of personal credentials of people registered with the sites services and features. The Air Force Recruitment website (https://www.joinbangladeshairforce.mil.bd) is the official one for the Bangladeshi Air force which hosts information about joining them and services to do so. The leak was announced from the a twitter account and posted to pastebin.com as well as a downloadable file from dropbox. > #Bangladesh Air Force #Hacked & DB #Leaked :joinbangladeshairforce.mil.bd pastebin.com/wX0ixB9r@ehackernews @thehackersnews @cyber_war_news — fØundz (@f0undz) June 4, 2013
The leaked data uploaded to drop box contains what appears to be a full database extraction with some basic site related information as well as a few thousand personal details such as names, contacts, family member names, email addresses and encrypted password pins. From going over the data it appears over 110,000 credentials are exposed from this attack which leaves many people at risk in Bangladeshi as they are all personal identifiable information (PII) credentials. The pastebin post also has minor server and database information as well as database credentials.