The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as “unclassified” information on collaborative engineering activities.
Founded 50 years ago and headquartered in Paris, ESA is an intergovernmental organization that coordinates the space activities of 23 member states. ESA has around 3000 staff and had a budget of €7.68 billion ($9 billion) in 2025.
Today, the space agency issued a statement confirming a breach, following claims by a threat actor on the BreachForums hacking forum that they had breached some of ESA’s servers.
The threat actor also leaked some screenshots as proof that they’ve had access to ESA’s JIRA and Bitbucket servers for an entire week.
“ESA is aware of a recent cybersecurity issue involving servers located outside the ESA corporate network. We have initiated a forensic security analysis—currently in progress—and implemented measures to secure any potentially affected devices,” the space agency said on Tuesday.
“Our analysis so far indicates that only a very small number of external servers may have been impacted. These servers support unclassified collaborative engineering activities within the scientific community.”
ESA says it has already notified “all relevant stakeholders” of the security breach and will provide further updates as soon as more information becomes available.
While ESA didn’t provide any other details about which servers were breached, the threat actors claim they stole over 200GB of data after breaching the European Space Agency’s systems and private Bitbucket repositories.
They said that the allegedly stolen data includes source code, CI/CD pipelines, API tokens, access tokens, confidential documents, configuration files, Terraform files, SQL files, hardcoded credentials, and more.
“I’ve been connecting to some of their services for about a week now and have stolen over 200gb of data. Including dumping all their private Bitbucket repositories as well,” the threat actors said.
An ESA spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
This is not the first time the European Space Agency has had its systems breached in recent years.
One year ago, right before Christmas, the European agency’s official web shop was hacked, with malicious JavaScript code inserted to steal customer information and payment card data provided during checkout.
Broken IAM isn’t just an IT problem – the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.