breach | International | Security Affairs
ESA Confirms Data Breach After Hacker Offers Stolen Scientific Data
Wednesday, December 31, 2025
What
A threat actor, "888," offered to sell 200 GB of data allegedly stolen from the European Space Agency, prompting ESA to confirm a breach of external science servers. This incident is significant as it exposed sensitive development data like source code and API tokens, potentially impacting scientific projects.
Where
European Space Agency (ESA); specifically, a small set of external servers supporting unclassified scientific collaboration.
When
The hacker announced the breach on December 18, 2025; ESA disclosed and confirmed the breach on December 30, 2025.
Key Factors
- The breach involved a significant volume of data (200 GB), including source code, API/access tokens, configuration files, credentials, and confidential documents from private Bitbucket repositories.
- The compromise was limited to a small number of external servers supporting unclassified scientific collaboration, rather than ESA's core corporate network.
- The incident was brought to light by a threat actor ("888") publicly offering the stolen data for sale on BreachForums, prompting ESA's disclosure.
Takeaways
- Organizations must ensure robust security for all external-facing servers and development environments, including those for unclassified collaboration, as they remain attractive targets.
- The sale of stolen data on underground forums continues to be a primary driver for public breach disclosures, highlighting the need for proactive threat intelligence monitoring.