The European Space Agency (ESA) has released an initial statement regarding an alleged data breach, stating that it affected a โvery limited number of science servers located outside the ESA corporate network.โ
On 26 December, reports began to emerge on X claiming that ESA had suffered a significant data breach, with a hacker using the alias โ888โ offering more than 200 gigabytes of data for sale. According to the hackerโs listing, the allegedly compromised data included source code for proprietary software, sensitive project documentation, API tokens, and hardcoded credentials.
In an initial statement issued on 29 December, the agency said it was aware of the alleged data breach and that a forensic analysis was underway. On 30 December, the European Space Agency confirmed that its initial findings indicated that a data breach had occurred, while seemingly downplaying its severity by characterising its impact as โlimited.โ
โAt this stage, the forensic analysis has identified a very limited number of science servers, located outside the ESA corporate network, that may be affected,โ the statement said. โThese servers are used for unclassified collaborative engineering solutions within the scientific community. Relevant stakeholders have been notified. Further updates will be provided once the analysis is complete.โ
The agency added that relevant stakeholders had been notified and that โshort-term remediation measuresโ had been implemented to secure any potentially affected devices. Further updates are expected as the forensic analysis continues.
Keep European Spaceflight Independent
Your donation will help European Spaceflight to continue digging into the stories others miss. Every euro keeps our reporting alive.
