The European Space Agency (ESA) has confirmed a security breach involving unclassified data from science servers, following reports on social media. A threat actor claimed to have compromised ESA systems and leaked approximately 200 gigabytes of data. According to French cybersecurity professional Seb Latom, the actor allegedly stole sensitive information, including source code, API tokens, access tokens for multiple ESA systems, confidential documents, system and application configuration files, and hardcoded credentials. The leaked data may include subsystem requirements related to the Ariel mission, a science mission studying exoplanet atmospheres, as well as Airbus spacecraft material from 2015 marked as confidential.
However, ESA's initial forensic analysis indicates that only a limited number of science servers, located outside the ESA corporate network, may be affected. These servers are used for unclassified collaborative engineering activities within the scientific community. This breach is not an isolated incident: in December 2024, ESA's online shop, then operated by an external service provider, was hacked to process malicious payments. That platform was also hosted outside ESA's internal network.
ESA has notified relevant stakeholders and implemented short-term remediation to secure potentially affected systems. Emma Gatti, a planetary scientist and journalist, highlights the significance of such incidents, emphasizing the need for robust cybersecurity in the space industry.