ESA disclosed a data breach, hackers breached external servers

ESA confirmed a data breach after a hacker offered to sell stolen data, confirming that external science servers were compromised.

The European Space Agency (ESA) disclosed a data breach after a threat actor offered to sell data allegedly stolen from the organization. 

A hacker who goes online with the moniker “888” announced on BreachForums the hack of ESA systems on December 18. SecurityWeek reported that the actor offered to sell 200 GB of allegedly stolen data, including files from private Bitbucket repositories. The claimed haul includes source code, API and access tokens, configuration files, credentials, and confidential documents. The threat actors published several screenshots as proof of the security breach.

ESA revealed that the cybersecurity incident affected a limited number of servers outside its corporate network. The space agency launched an investigation into the incident, and said it had applied containment measures. Initial findings indicate only a small set of external servers supporting unclassified scientific collaboration were impacted. Stakeholders have been notified, and ESA will share updates as more details become available.

“Our analysis so far indicates that only a very small number of external servers may have been impacted.” reads a statement posted on X. “These servers support unclassified collaborative engineering activities within the scientific community.”

The European Space Agency (ESA) is an intergovernmental organization founded in 1975 that coordinates Europe’s space activities. Headquartered in Paris, it brings together 22 member states to develop satellites, launch systems, space science missions, Earth observation programs, and human spaceflight projects, working closely with the EU while remaining independent.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, European Space Agency)