The European Space Agency (ESA) suffered a security breach of its science servers, with a hacker group claiming they have stolen 200 gigabytes worth of data that includes confidential documents and source code.
Earlier this week, ESA confirmed the breach following reports on social media. “Our analysis so far indicates that only a very small number of external servers may have been impacted. These servers support unclassified collaborative engineering activities within the scientific community,” the space agency wrote on X.
Although ESA claims that the recent cybersecurity issue had minimal impact, an alleged hacker is offering to sell 200 gigabytes of data from the agency’s servers on the BreachForums cybercrime website. The compromised data includes source codes, access tokens, hardcoded credentials, Terraform files, and confidential documents, according to screenshots shared on X by French cybersecurity expert Seb Latom.
Some of the data may be related to ESA’s upcoming space telescope Ariel, or Atmospheric Remote-sensing Infrared Exoplanet Large-survey, which is due to launch in 2029. The data for sale online compromises the security of space projects and risks the reuse of the code for malicious purposes, according to Latom.
Wanted for cybercrime
This isn’t the first time ESA’s servers have been compromised. In December 2024, hackers created a fake payment page o