European Space Agency hit again as cybercriminals claim 200 GB data up for sale

krick · 2026-01-01T18:39:14 1767292754

Was going to ask what's the data, but

> Compromised Data: Source Codes, CI/CD Pipelines, API Tokens, Access Tokens, Confidential Documents, Configuration Files, Terraform Files, SQL Files, Hardcoded Credentials and more!

Yeah, right. No wonder nobody bothered to buy and take a look. More of an insult to ESA, than a "data breach".

johnnienaked · 2026-01-02T05:55:19 1767333319

I'm old enough to remember being told not to put any personal information on the internet. Pretty soon, personal information will be mandatory to use the Internet. How ironic.

guessmyname · 2026-01-01T18:42:46 1767292966

> Compromised Data: Source Codes, CI/CD Pipelines, API Tokens, Access Tokens, Confidential Documents, Configuration Files, Terraform Files, SQL Files, Hardcoded Credentials and more!

And who is going to buy this (useless) data exactly? (half joking)

amelius · 2026-01-01T17:07:37 1767287257

Pay them a one-way ticket into space.

zb3 · 2026-01-01T17:50:39 1767289839

Shouldn't this data be public anyway?

ahsillyme · 2026-01-01T18:10:46 1767291046

More or less. Unless it's something to do with the employee's privacy or something to that effect. Doesn't mean the criminals are the good guys here, since they're trying to make bank on it instead of releasing it to the public -- if it's something that the public has an interest in.

wtcactus · 2026-01-01T19:33:34 1767296014

No, not really. The science products eventually become public (after 1st access right by contributing nations). But why would the API keys (for instance) ever be public?

victorbjorklund · 2026-01-01T18:49:08 1767293348

Terraform files? Seems waste of time to have to make it public.

egorfine · 2026-01-01T16:51:19 1767286279

> didn't hear back, with an automated response informing us that the Agency's offices are closed for the New Year holiday

This is so on-brand for EU organizations.

eterm · 2026-01-01T17:13:16 1767287596

You say that as if it's a bad thing?

egorfine · 2026-01-01T17:54:41 1767290081

In this context (massive data breach) - it is.

PunchyHamster · 2026-01-01T18:57:38 1767293858

It's noncritical infrastructure by every definition and data was already stolen, waking up a PR guy to put something on their page is a waste of everyone's time

monkey_monkey · 2026-01-01T18:03:36 1767290616

What does their comms team have to do with the massive data breach?

egorfine · 2026-01-01T19:20:36 1767295236

Answers. These guys can provide answers to the public.

JumpCrisscross · 2026-01-01T23:53:16 1767311596

Aviate, navigate, communicate. In that order.

ESA’s priority in this case is measuring the damage and then brokering a solution if needed. After that it should communicate to the public.

barrucadu · 2026-01-01T19:38:38 1767296318

Are these answers so critical they're needed on a holiday?

egorfine · 2026-01-01T19:41:01 1767296461

I don't know. There's nobody in the comms team to answer this question.

monkey_monkey · 2026-01-01T21:31:49 1767303109

OK, so nothing to do with the massive data breach. But hey, you just really want to make a point about how upset you are that Europeans having decent work/life balance, so there's not point continuing to expose your little agenda.

lillecarl · 2026-01-01T18:16:36 1767291396

Ah yes, responding to the media during holidays will make the data crawl back to their servers!

blell · 2026-01-01T18:32:13 1767292333

If this were a private business, people would be piling on and calling for the executives to face a firing squad.

nubg · 2026-01-01T18:36:11 1767292571

"People" here meaning in particular the types that frequent this very message board.

pavel_lishin · 2026-01-01T19:38:55 1767296335

You can find a certain group of people to pile on for anything.

dotgov · 2026-01-02T04:44:53 1767329093

National Labs are closed over the holidays in the USA too.