European Space Agency Confirms Breach Following Leak of Internal Data
ESA acknowledges a cybersecurity incident affecting external, unclassified servers and is investigating a claimed theft of approximately two hundred gigabytes of data.
The European Space Agency (ESA) has publicly confirmed a cybersecurity breach involving servers that operate outside its internal corporate network, after a threat actor claimed to have stolen around two hundred gigabytes of data and posted it for sale online.
The agency disclosed the incident on its official social media account, stating that a forensic security investigation is underway and that measures have been implemented to secure potentially affected systems.
According to ESA’s statement, the compromised infrastructure consists of a "very small number of external servers" that support unclassified, collaborative engineering work.
The agency emphasized that these servers are not connected to its core corporate systems.
Relevant stakeholders have been informed about the situation, and ESA said it will provide further updates as additional information becomes available.
A user identifying themselves as "888" on the dark web forum BreachForums claimed responsibility for the breach, saying the intrusion began around December eighteenth and lasted for about a week.
The individual alleged that the data taken included source code from private repositories, continuous integration and deployment configurations, application programming interface tokens, access tokens, internal documentation, database files, infrastructure code, and hardcoded credentials.
Screenshots purporting to show directory structures and internal files were included with the post, though independent verification of the images has not yet been completed.
The claimed data set is being offered for a one-time purchase with payment requested in Monero, a cryptocurrency valued for privacy and low traceability.
At present, ESA has not confirmed the full scope of the data accessed or how authentic the screenshots may be, and the initial attack vector has not been publicly shared.
ESA is an intergovernmental organisation composed of twenty-three member states, tasked with coordinating Europe’s space exploration, satellite programmes and scientific research.
While the agency has stressed that the affected servers supported unclassified collaboration, security experts caution that stolen development infrastructure data — especially access tokens or hardcoded credentials — can pose risks if reused in other environments.
The ongoing forensic investigation is expected to clarify both impact and next steps, and ESA has pledged further communication as its analysis progresses.
The agency disclosed the incident on its official social media account, stating that a forensic security investigation is underway and that measures have been implemented to secure potentially affected systems.
According to ESA’s statement, the compromised infrastructure consists of a "very small number of external servers" that support unclassified, collaborative engineering work.
The agency emphasized that these servers are not connected to its core corporate systems.
Relevant stakeholders have been informed about the situation, and ESA said it will provide further updates as additional information becomes available.
A user identifying themselves as "888" on the dark web forum BreachForums claimed responsibility for the breach, saying the intrusion began around December eighteenth and lasted for about a week.
The individual alleged that the data taken included source code from private repositories, continuous integration and deployment configurations, application programming interface tokens, access tokens, internal documentation, database files, infrastructure code, and hardcoded credentials.
Screenshots purporting to show directory structures and internal files were included with the post, though independent verification of the images has not yet been completed.
The claimed data set is being offered for a one-time purchase with payment requested in Monero, a cryptocurrency valued for privacy and low traceability.
At present, ESA has not confirmed the full scope of the data accessed or how authentic the screenshots may be, and the initial attack vector has not been publicly shared.
ESA is an intergovernmental organisation composed of twenty-three member states, tasked with coordinating Europe’s space exploration, satellite programmes and scientific research.
While the agency has stressed that the affected servers supported unclassified collaboration, security experts caution that stolen development infrastructure data — especially access tokens or hardcoded credentials — can pose risks if reused in other environments.
The ongoing forensic investigation is expected to clarify both impact and next steps, and ESA has pledged further communication as its analysis progresses.
