The European Space Agency (ESA) has acknowledged a cybersecurity incident affecting a limited number of externally hosted science servers, after hackers claimed to have stolen up to 200 GB of data. ESA says the affected systems were outside its core network and confirms that no mission-critical or classified environments were compromised.
According to ESA, the impacted servers were used for collaborative engineering work with external partners and represented only a small portion of its infrastructure. While the agency has launched a forensic investigation and secured the systems, it has not confirmed whether data exfiltration occurred or identified the specific servers involved. ESA also declined to comment on whether credentials or engineering materials were accessed.
The claims originated from a post on the BreachForums cybercrime forum by an actor known as “888,” who alleged access to ESA’s JIRA and Bitbucket platforms for about a week. The attacker claims the stolen data includes source code, configuration files, API tokens, credentials, and internal documentation, though these claims have not been independently verified.
Security experts note that even unclassified development assets can pose long-term risks if reused or insufficiently rotated, potentially enabling supply chain attacks or further network intrusion. The incident highlights broader cybersecurity challenges across the space sector, where international collaboration and distributed development platforms increase exposure.
ESA has faced similar issues in the past, including a 2015 breach linked to Anonymous and a separate 2024 compromise of its online merchandise store. While ESA maintains that its core systems remain secure, the latest incident underscores ongoing vulnerabilities tied to external and collaborative digital infrastructure.