**European Space Agency's Cybersecurity in Freefall as Yet Another Breach Exposes Spacecraft and Mission Data**

Just a few weeks ago, we reported on the Christmas cyber attack suffered by the European Space Agency (ESA), but it seems that the situation has taken a turn for the worse. The latest breach has exposed not only more data than initially thought, but also sensitive information about ESA's spacecraft and missions.

In December 2022, the ESA revealed that it had been hacked over the Christmas period by a hacker known as "888". At the time, the agency reassured the public that the impact was "limited" to external servers containing unclassified engineering data. However, the hacker claimed to have exfiltrated some 200GB of data, including source code, API and access tokens, hardcoded credentials, and SQL files.

Some of the stolen documents were said to be related to the Ariel space telescope mission, which aims to launch in 2029 to study the atmospheric composition of exoplanets. It seems that this was just a taste of things to come, as the December 2022 incident doesn't look so bad compared to what has happened since.

Earlier this month, the Scattered Lapsus$ Hunters cybercrime group picked up where "888" had left off and exploited an unpatched vulnerability to steal an additional 500GB of data - more than double the initial haul. But it's not just the amount of data that's concerning; the latest breach reportedly involves sensitive information such as operational procedures, spacecraft and mission details, subsystems documentation, and proprietary contractor data from ESA partners including SpaceX, Airbus Group, and Thales Alenia Space.

The consequences of this latest incident are already being felt, with ESA confirming that a criminal investigation is underway. Some have suggested that poor cybersecurity practices at ESA may have helped the hacking group gain unauthorized access to systems. Cybersecurity researcher Clémence Poirier told Space.com that she frequently comes across the email credentials of ESA staff (as well as NASA) up for sale on dark web forums.

Unfortunately, this is not an isolated incident for the ESA. The agency has suffered from a history of cybersecurity incidents, including its official online merchandise store being compromised with payment card-skimming code just days before Christmas 2024, and an Anonymous-linked breach that exposed employee and subscriber passwords and other data in 2015.

The high profile of organizations that work in outer space means that they are common targets for both bug hunters and malicious hackers. Vulnerabilities are being disclosed "almost every day" to BugCrowd about NASA, for instance. It's clear that the ESA needs to take a closer look at its cybersecurity practices if it wants to prevent these types of breaches from happening in the future.

**Timeline of Cybersecurity Incidents at ESA:**

* **2024:** ESA's official online merchandise store compromised with payment card-skimming code * **2015:** Anonymous-linked breach exposes employee and subscriber passwords and other data * **December 2022:** Hacker "888" breaches ESA, stealing 200GB of data including source code, API and access tokens, hardcoded credentials, and SQL files * **Earlier this month:** Scattered Lapsus$ Hunters cybercrime group exploits unpatched vulnerability to steal an additional 500GB of data