European Space Agency Confirms Breach After Hacker Offers to Sell Data

The European Space Agency (ESA) has confirmed that a cyberattack has compromised some of its systems after a hacker attempted to sell data allegedly stolen from the organization.

ESA officials said that the affected servers are located outside the agency’s corporate network and primarily support collaborative engineering activities with the scientific community. “Our analysis so far indicates that only a very small number of external servers may have been impacted,” the agency stated. “All relevant stakeholders have been informed, and we will provide further updates as additional information becomes available.”

The incident came to light when a hacker using the pseudonym ‘888’ posted on the BreachForums cybercrime site claiming to have gained access to ESA systems on December 18, 2025. The hacker offered 200 GB of stolen data for sale, reportedly including files from private Bitbucket repositories.

According to the hacker, the data includes source code, API and access tokens, configuration files, credentials, and other sensitive documents. Several screenshots were shared online to substantiate the claims.

ESA has launched a forensic investigation and is working to secure the affected servers while reviewing potential data exposure. The agency emphasized that the breach involved unclassified systems and does not appear to have affected the core ESA corporate network.

This breach follows a series of cyber incidents targeting space agencies worldwide, including the Polish and Japanese space organizations, highlighting the growing cybersecurity risks faced by the aerospace sector.