The European Space Agency has confirmed that it suffered a data breach after a threat actor claimed to have stolen a large volume of internal data, purportedly from the ESA, and then offered it for sale.
In a statement on X Inc., the ESA said the incident involved a “very small number” of external servers that were hosted outside its core corporate network and used to support unclassified collaborative engineering work with external partners and members of the scientific community. The agency added that no classified systems were affected and that the compromised infrastructure was isolated from its main internal environment.
The disclosure came after an attacker using the alias “888” claimed on cybercrime site DarkForums that they gained access to ESA systems in mid-December and maintained access for about one week. The threat actor claimed to have exfiltrated about 200 gigabytes of data and has attempted to sell the material online, posting screenshots as purported evidence of access.
Hackread reports that the hacker was offering the stolen data for sale, with payment accepted exclusively in Monero, an anonymous cryptocurrency.
The affected systems may have included development and collaboration platforms such as issue tracking and code repository tools. According to the attacker’s description, the stolen data included source code, configuration files, documentation and internal project materials, along with application programming interface keys, access tokens and continuous integration and deployment artifacts.
Although neither the volume nor the sensitivity of the data allegedly stolen has been confirmed, the incident highlights a recurring challenge for large research organizations: the security of externally hosted collaboration environments.
The systems used by the likes of the ESA are often designed to enable rapid cooperation across institutions and borders, but their proximity to source code, automation pipelines and shared credentials makes them attractive targets for attackers.
The breach also wasn’t the first time threat actor 888 has been linked to a high-profile data breach. The same hacker or hacking group, which first emerged in 2024, has been linked to previous data breaches involving Shopify Inc. and Decathlon SE, according to Malpedia.
