Credit: European Spaceflight / @seblatombe (X)
The European Space Agency (ESA) has released an initial statement regarding an alleged data breach, stating that it affected a “very limited number of science servers located outside the ESA corporate network.”
On 26 December, reports began to emerge on X claiming that ESA had suffered a significant data breach, with a hacker using the alias “888” offering more than 200 gigabytes of data for sale. According to the hacker’s listing, the allegedly compromised data included source code for proprietary software, sensitive project documentation, API tokens, and hardcoded credentials.
In an initial statement issued on 29 December, the agency said it was aware of the alleged data breach and that a forensic analysis was underway. On 30 December, the European Space Agency confirmed that its initial findings indicated that a data breach had occurred, while seemingly downplaying its severity by characterising its impact as “limited.”
“At this stage, the forensic analysis has identified a very limited number of science servers, located outside the ESA corporate network, that may be affected,” the statement said. “These servers are used for unclassified collaborative engineering solutions within the scientific community. Relevant stakeholders have been notified. Further updates will be provided once the analysis is complete.”
The agency added that relevant stakeholders had been notified and that “short-term remediation measures” had been implemented to secure any potentially affected devices. Further updates are expected as the forensic analysis continues.