惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cisco Talos Blog
Cisco Talos Blog
V
V2EX
C
Check Point Blog
GbyAI
GbyAI
D
Docker
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
B
Blog RSS Feed
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
Netflix TechBlog - Medium
T
Troy Hunt's Blog
博客园 - Franky
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Microsoft Security Blog
Microsoft Security Blog
P
Privacy & Cybersecurity Law Blog
WordPress大学
WordPress大学
The Cloudflare Blog
S
SegmentFault 最新的问题
Latest news
Latest news
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
I
InfoQ
博客园 - 【当耐特】
NISL@THU
NISL@THU
A
About on SuperTechFans
T
Tailwind CSS Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Scott Helme
Scott Helme
雷峰网
雷峰网
C
CXSECURITY Database RSS Feed - CXSecurity.com
Security Latest
Security Latest
V
Vulnerabilities – Threatpost
Security Archives - TechRepublic
Security Archives - TechRepublic
A
Arctic Wolf
Hacker News: Ask HN
Hacker News: Ask HN
N
News and Events Feed by Topic
IT之家
IT之家
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
aimingoo的专栏
aimingoo的专栏
T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
SecWiki News
SecWiki News
大猫的无限游戏
大猫的无限游戏
S
Security Affairs
The Register - Security
The Register - Security
www.infosecurity-magazine.com
www.infosecurity-magazine.com
L
LINUX DO - 热门话题
T
Tor Project blog

Consumer Insights

Qantas data breach started with a fake IT support call Lidl warns customers after data breach How to find out if your identity has been exposed by infostealers Texas breach exposes PII of 3 million hunting and fishing license customers Maine forced to take down data breach portal after fake notices filed with authorities Carnival breach exposes data of nearly 6 million people 7-Eleven data breach exposes data of 185,000 people UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years DAEMON Tools Lite breach prompts urgent update after malware-laced installer Instructure confirms breach; millions of Canvas users potentially impacted Stalkerware data leak exposes private screenshots linked to celebrities and influencers Hackers claim to have breached Udemy, stealing 1.4 million user records Rituals data breach exposes customer details Booking.com says breach exposed travelers’ data Basic-Fit data breach exposes member information across Europe Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data Lapsus$ claims AstraZeneca breach exposes code and credentials Aura data breach exposes 900,000 records after phishing attack Telus Digital data breach confirmed after ShinyHunters claims 1PB theft Was Your Data Exposed in the Latest Under Armour Breach? Here’s What You Should Do Breach at Tinder, Hinge and OkCupid exposes user data Europe Fines Big Tech €1.2 Billion under GDPR in 2025 European Space Agency Confirms New Data Breach; Classified Info May Have Been Stolen Rainbow Six Siege Servers Offline After Massive Breach Floods Accounts with Billions of R6 Credits 21,000 Nissan Customers Exposed After Third-Party Server Breach Spotify Catalog Scraped, 300TB Music and Metadata Dumped via Torrent University of Sydney Confirms Data Breach Affecting Thousands Leroy Merlin Breach Alert: French Customers Notified After Cyberattack Exposes Personal Data CodeRED Emergency Alerts Disrupted Across US After Ransomware Breach
European Space Agency's cybersecurity in freefall as yet another breach exposes spacecraft and mission data
Graham CLULEY · 2026-01-22 · via Consumer Insights

It has just been a few weeks since we reported on the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation has already become worse.

When ESA revealed that it had been hacked over the Christmas period by a hacker known as "888" it was quick to reassure the public that the impact was "limited" to external servers containing unclassified engineering data.

The hacker, however, claimed to have exfiltrated some 200GB of data, including source code, API and access tokens, hardcoded credentials, and SQL files. Some of the stolen documents were said to be related to the Ariel space telescope mission which aims to launch in 2029 in a mission to find out the atmospheric composition of exoplanets.

In light of the latest data breach to impact ESA, the December 2025 incident doesn't look too bad.

Because this month the Scattered Lapsus$ Hunters cybercrime group was quick to pick up where "888" had left off, exploited what they claim was an unpatched vulnerability to steal an additional 500GB of data - more than double the initial haul.

Furthermore, this latest breach reportedly involves data that might be more concerning - such as operational procedures, spacecraft and mission details, subsystems documentation, and proprietary contractor data from ESA partners including SpaceX, Airbus Group, and Thales Alenia Space.

As a consequence of this latest incident, ESA has now confirmed that a criminal investigation is underway.

Some have suggested that poor cybersecurity practices at ESA may have helped the hacking group gain unauthorised access to systems.

Cybersecurity researcher Clémence Poirier told Space.com that she frequently comes across the email credentials of ESA staff (as well as NASA) up for sale on dark web forums.

Unfortunately for ESA, it has suffered from a history of cybersecurity incidents. These have ranged from its official online merchandise store being compromised with payment card-skimming code just days before Christmas 2024, to an Anonymous-linked breach that exposed employee and subscriber passwords and other data in 2015.

The high profile of organisations that work in outer space means that they are common targets for both bug hunters and malicious hackers, with vulnerabilities being disclosed "almost every day" to BugCrowd about NASA, for instance.