The European Space Agency (ESA) suffered a security breach of its science servers, with a hacker group claiming they have stolen 200 gigabytes worth of data that includes confidential documents and source code.<\/p>\n
Earlier this week, ESA confirmed<\/a> the breach following reports on social media. \u201cOur analysis so far indicates that only a very small number of external servers may have been impacted. These servers support unclassified collaborative engineering activities within the scientific community,\u201d the space agency wrote on X.<\/p>\n Although ESA claims that the recent cybersecurity issue had minimal impact, an alleged hacker is offering to sell 200 gigabytes of data from the agency\u2019s servers on the BreachForums cybercrime website. The compromised data includes source codes, access tokens, hardcoded credentials, Terraform files, and confidential documents, according to screenshots shared<\/a> on X by French cybersecurity expert Seb Latom.<\/p>\n Some of the data may be related to ESA\u2019s upcoming space telescope Ariel, or Atmospheric Remote-sensing Infrared Exoplanet Large-survey, which is due to launch in 2029. The data for sale online\u00a0compromises the security of space projects and risks the reuse of the code for malicious purposes, according to Latom.<\/p>\n Wanted for cybercrime <\/p>\n This isn\u2019t the first time ESA\u2019s servers have been compromised. In December 2024, hackers created a fake payment page on the agency\u2019s online shop to gain access to customers\u2019 information. In 2015, a hacker group breached<\/a> several ESA websites to collect the information of the agency\u2019s staff and hundreds of subscribers.<\/p>\n The cybersecurity attacks against ESA have all affected platforms hosted outside the agency\u2019s internal network. Still, there have been too many incidents, suggesting the agency\u2019s data security needs improvement.<\/p>\n