Earlier this week, ESA confirmed the breach after reports on social media. “Our analysis to date indicates that a very small number of external servers are affected. These servers support unclassified collaborative engineering activities within the scientific community,” the space agency wrote on Twitter.
Although ESA claims the recent cybersecurity issue had minimal impact, an alleged hacker is offering to sell 200 gigabytes of data from the agency’s servers on the BreachForums cybercrime website. According to screenshots shared on X by French cybersecurity expert Seb Latom, the compromised data includes source code, access tokens, hardcoded credentials, Terraform files, and confidential documents.
Some of the data may be related to ESA’s upcoming space telescope Aerial, or Atmospheric Remote-sensing Infrared Exoplanet Large-Survey, which is scheduled to launch in 2029. According to Latom, data for sale online compromises the security of space projects and carries the risk of code being reused for malicious purposes.
Wanted for cyber crime
This is not the first time ESA’s servers have been compromised. In December 2024, hackers created a fake payment page on the agency’s online shop to gain access to customer information. In 2015, a hacker group broke into several ESA websites to collect information on hundreds of agency employees and customers.
Cybersecurity attacks against ESA have affected all platforms hosted outside the agency’s internal network. Still, there have been several incidents that show the agency’s data security needs improvement.
ESA’s US counterpart, NASA, has also suffered its fair share of security breaches over the years. The latest incident occurred in 2018 when hackers gained access to personal information, including Social Security numbers, belonging to agency staff members.
ESA says it has begun a forensic security analysis and has taken measures to secure any potentially affected devices. “All relevant stakeholders have been notified, and we will provide further updates as additional information becomes available,” the space agency said.
<a href