The European Space Agency has confirmed that hackers gained access to a small number of servers located outside its main corporate network, following days of online claims by a threat actor.
In a statement issued on Tuesday, ESA said it had identified a “recent cybersecurity issue involving servers located outside the ESA corporate network” and had launched a forensic investigation to determine the scope of the intrusion.
“These servers support unclassified collaborative engineering activities within the scientific community,” the agency said, adding that its analysis was still ongoing.
ESA is aware of a recent cybersecurity issue involving servers located outside the ESA corporate network. We have initiated a forensic security analysis—currently in progress—and implemented measures to secure any potentially affected devices.
Our analysis so far indicates that…
— European Space Agency (@esa) December 30, 2025 Hackers Claim Week-Long Access and Massive Data Theft
The confirmation follows posts on the BreachForums hacking forum, where an attacker using the alias “888” claimed to have maintained access to ESA systems for roughly a week. Screenshots shared online appeared to show access to internal JIRA and Bitbucket services.
According to the hacker, more than 200GB of data was allegedly stolen, including private source code repositories, CI/CD pipelines, API and access tokens, configuration and Terraform files, SQL databases, and hardcoded credentials.
“I’ve been connecting to some of their services for about a week now and have stolen over 200GB of data,” the threat actor wrote, claiming to have dumped “all their private Bitbucket repositories as well.”
ESA has not confirmed the volume or nature of the data described in those claims.
Agency Moves Quickly to Contain the Incident
ESA said that “short-term remediation measures” have already been put in place to secure any potentially affected devices. The agency also confirmed that all relevant stakeholders had been notified of the breach.
“Our analysis so far indicates that only a very small number of external servers may have been impacted,” ESA said, stressing that the affected systems were not part of its internal corporate infrastructure.
Not ESA’s First Cybersecurity Wake-Up Call
While ESA has sought to limit concern around the incident, it is not the first time the agency has faced cybersecurity issues. Just a year ago, its official online shop was compromised in a separate attack, when malicious JavaScript code was injected to steal customer and payment card information during checkout.
As the forensic investigation continues, further updates are expected. For now, ESA maintains that the breach was contained and limited, but the hackers’ claims ensure the incident will remain under close scrutiny across Europe’s space and security communities.
Published by Kerry Harrison
Kerry’s been writing professionally for over 14 years, after graduating with a First Class Honours Degree in Multimedia Journalism from Canterbury Christ Church University. She joined Orbital Today in 2022. She covers everything from UK launch updates to how the wider space ecosystem is evolving. She enjoys digging into the detail and explaining complex topics in a way that feels straightforward. Before writing about space, Kerry spent years working with cybersecurity companies. She’s written a lot about threat intelligence, data protection, and how cyber and space are increasingly overlapping, whether that’s satellite security or national defence. With a strong background in tech writing, she’s used to making tricky, technical subjects more approachable. That mix of innovation, complexity, and real-world impact is what keeps her interested in the space sector.