Access Tokens Stolen from European Space Agency by Hackers

Quick Summary

• Security Breach: The European Space Agency (ESA) confirmed a breach involving the theft of 200 gigabytes of data.
• Data Compromised: The stolen data includes source code, access tokens, and confidential documents related to ESA projects.
• Previous Incidents: This is not the first security incident for ESA, with prior breaches occurring in 2015 and 2024.
• Forensic Analysis: ESA has begun a forensic security analysis and implemented measures to secure affected devices.

The European Space Agency (ESA) suffered a security breach of its science servers, with a hacker group claiming they have stolen 200 gigabytes worth of data that includes confidential documents and source code.

Earlier this week, ESA confirmed the breach following reports on social media. “Our analysis so far indicates that only a very small number of external servers may have been impacted. These servers support unclassified collaborative engineering activities within the scientific community,” the space agency wrote on X.

Although ESA claims that the recent cybersecurity issue had minimal impact, an alleged hacker is offering to sell 200 gigabytes of data from the agency’s servers on the BreachForums cybercrime website. The compromised data includes source codes, access tokens, hardcoded credentials, Terraform files, and confidential documents, according to screenshots shared on X by French cybersecurity expert Seb Latom.

Some of the data may be related to ESA’s upcoming space telescope Ariel, or Atmospheric Remote-sensing Infrared Exoplanet Large-survey, which is due to launch in 2029. The data for sale online compromises the security of space projects and risks the reuse of the code for malicious purposes, according to Latom.

What are the Implications of the Cybercrime?

This isn’t the first time ESA’s servers have been compromised. In December 2024, hackers created a fake payment page on the agency’s online shop to gain access to customers’ information. In 2015, a hacker group breached several ESA websites to collect the information of the agency’s staff and hundreds of subscribers.

The cybersecurity attacks against ESA have all affected platforms hosted outside the agency’s internal network. Still, there have been too many incidents, suggesting the agency’s data security needs improvement.

ESA’s American counterpart, NASA, has also suffered its fair share of security breaches over the years. The latest one took place in 2018 when hackers gained access to personal information, including social security numbers, belonging to the agency’s staff members.

ESA says it has initiated a forensic security analysis and put measures in place to secure any potentially affected devices. “All relevant stakeholders have been informed, and we will provide further updates as soon as additional information becomes available,” the space agency added.