Cyber Incident Victim: Hawking Technology
Date: Feb 2016
Location: United States of America
Summary
Hawking Technology experienced a cybersecurity breach resulting in the exposure of over 25,000 user records containing usernames, email addresses, and MD5-hashed passwords, which were easily cracked, including administrative credentials. An additional table with approximately 20 plaintext credentials was also compromised. The organization did not respond to multiple notifications about the incident. This marked a recurring pattern of security failures, as the company had previously suffered multiple breaches involving SQL injection vulnerabilities and unauthorized data dumps by external groups over several years, with historical evidence suggesting prior compromises and data leaks.
Description
Hawking Technology experienced a confirmed cybersecurity incident involving unauthorized data exposure around February 7, 2016, when an individual using the Twitter handle @OGSTRK posted a link to a dump of "hawking.hw_users" data. The dumped dataset contained over 25,000 records with usernames, email addresses, and MD5-hashed passwords, alongside a separate table of approximately 20 accounts with credentials stored in plain text. Forensic analysis of the dump revealed numerous duplicate entries, test accounts, and dummy records within the dataset. The MD5 hashing algorithm used for password storage was cryptographically weak, enabling attackers to easily crack credentials, including those belonging to a Hawking Technology administrator account. DataBreaches.net attempted to notify Hawking Technology via emails sent to [email protected] on March 8 and March 10, 2016, providing cracked password details, but received no response from the organization.

This incident represented at least the third major compromise of Hawking Technology's systems since 2011, with historical evidence indicating prior breaches in April 2011 (discussed on HackForums.net), January 2012, and August 2012 (attributed to Team GhostShell). Security researchers had previously documented vulnerabilities to SQL injection attacks on Hawking's web properties. The 2016 data exposure created direct risks of credential reuse attacks against affected users due to the cracked passwords, while the compromised administrator credentials posed additional risks of unauthorized network access. The organization's failure to acknowledge or respond to multiple breach notifications suggested persistent deficiencies in incident response capabilities. No evidence of containment measures, forensic investigations, or customer notifications was documented in available public records following the 2016 exposure.
