January 1, 2026

Ground Control to Roast Control

Article URL →HN comments →

European Space Agency hit again as cybercriminals claim 200 GB data up for sale

ESA says 'small blip'; commenters roast, joke about space exile, debate if the loot is junk or public

TLDR: ESA says only a few external servers were hit, while a hacker claims 200GB of code and keys are for sale. Commenters roast the holiday auto-reply, joke about space exile, and split between “make science public” and “this loot looks like junk,” raising questions about ESA’s security and transparency.

Europe’s space boffins are back in the breach headlines, and the internet is not letting them coast. The European Space Agency says only a “very small number” of external servers for unclassified work were touched, while a hacker on a zombie forum claims a juicy 200GB haul of source code, access tokens (think digital keys), and private code vaults. ESA posted a calm update on X and pointed to an ongoing investigation on its site—but the comments? They’re in orbit.

One camp is roasting the optics: the news site got an auto-reply because ESA offices are closed for New Year—cue eyerolls and “this is so EU” jokes. The thread’s wildest gag? The crowd-pleasing fantasy: “one-way ticket into space” for the culprits. Another faction argues: if this is scientific stuff, shouldn’t more be public anyway? Meanwhile, skeptics are dunking on the hacker’s sales pitch—if it’s really that valuable, why has no one bought it? Some call the alleged loot a flex and “more insult than breach.”

Zooming out, commenters see a pattern: past store skimming at holiday time, older leaks years ago, and the same “it’s external, not core” reassurance. The bigger debate: transparency vs. security, and whether ESA is underplaying a mess the internet’s already meme-ifying.

Key Points

  • ESA reported a security incident affecting a small number of external servers used for unclassified collaboration.
  • ESA initiated forensic analysis, secured potentially affected devices, and notified stakeholders via an X post.
  • A cybercriminal on BreachForums claims to have accessed ESA-linked servers from December 18 for about a week and is selling 200 GB of data.
  • Claimed stolen items include source code, CI/CD pipelines, tokens, confidential documents, configuration files, Terraform and SQL files, and private Bitbucket repositories.
  • ESA has experienced multiple prior incidents (2011, 2015, 2023), often involving external systems rather than core networks.

Hottest takes

"This is so on-brand for EU organizations." — egorfine
"Shouldn't this data be public anyway?" — zb3
"More of an insult to ESA, than a 'data breach'." — krick

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.