Mohammedia – The European Space Agency has confirmed that it is dealing with a cybersecurity incident involving servers located outside its core network, while stressing that the impact identified so far appears to be limited.
The incident was reported by Seb, a cybersecurity expert, on December 26, 2025, and later confirmed by the agency yesterday, 2025, following several days of online speculation and claims circulating on social media and cybersecurity forums.
In a public statement, the ESA said it had been informed of a “recent cybersecurity issue” affecting external servers and that an internal investigation was underway.
Initial findings indicate that only a very small number of externally hosted servers may have been impacted.
According to the agency, these systems support non-classified collaborative engineering activities used within the scientific community, rather than sensitive or mission-critical operations.
The announcement came after an individual claiming to be a hacker alleged online that they had obtained a large volume of ESA data. The claims surfaced on BreachForums, a platform known for hosting posts related to data breaches and cyber intrusions.
The individual asserted possession of roughly 200 gigabytes of data and claimed the material included source code, configuration files, deployment pipelines, and various access tokens.
Read also: Hackers Have Found a New Way Around Two-Factor Authentication
Such claims are not uncommon on underground forums, where the accuracy and scale of alleged breaches can vary widely.
Posts on these platforms often mix verified information with exaggeration or misleading statements, and organizations typically require time to assess whether the data presented is authentic and how it may have been obtained.
The ESA has not confirmed the volume or specific nature of the data described by the hacker.
The agency said a comprehensive security analysis has been launched and that protective measures have already been implemented to secure any potentially affected systems.
The ESA has emphasized that, based on the information currently available, the intrusion does not appear to involve classified material or internal core infrastructure.
The individual behind the claims has also threatened to release documents publicly, sharing screenshots said to reference industrial partners.
The ESA has not commented on these specific assertions, reiterating that the investigation is ongoing and that conclusions will be communicated once technical checks are completed.
Cybersecurity incidents targeting large scientific and strategic organizations frequently attract significant attention online, particularly when claims are amplified through social platforms.