The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as "unclassified" information on collaborative engineering activities.
Founded 50 years ago and headquartered in Paris, ESA is an intergovernmental organization that coordinates the space activities of 23 member states. ESA has around 3000 staff and had a budget of €7.68 billion ($9 billion) in 2025.
Today, the space agency issued a statement confirming a breach, following claims by a threat actor on the BreachForums hacking forum that they had breached some of ESA's servers.
The threat actor also leaked some screenshots as proof that they've had access to ESA's JIRA and Bitbucket servers for an entire week.
"ESA is aware of a recent cybersecurity issue involving servers located outside the ESA corporate network. We have initiated a forensic security analysis—currently in progress—and implemented measures to secure any potentially affected devices," the space agency said on Tuesday.
"Our analysis so far indicates that only a very small number of external servers may have been impacted. These servers support unclassified collaborative engineering activities within the scientific community."
ESA says it has already notified "all relevant stakeholders" of the security breach and will provide further updates as soon as more information becomes available.
While ESA didn't provide any other details about which servers were breached, the threat actors claim they stole over 200GB of data after breaching the European Space Agency's systems and private Bitbucket repositories.
Threat actor's ESA breach claims (BleepingComputer)
They said that the allegedly stolen data includes source code, CI/CD pipelines, API tokens, access tokens, confidential documents, configuration files, Terraform files, SQL files, hardcoded credentials, and more.
... continue reading