This article was published on April 18, 2011

European Space Agency hacked, sensitive data released publicly


European Space Agency hacked, sensitive data released publicly
Matt Brian
Story by

Matt Brian

Matt is the former News Editor for The Next Web. You can follow him on Twitter, subscribe to his updates on Facebook and catch up with him Matt is the former News Editor for The Next Web. You can follow him on Twitter, subscribe to his updates on Facebook and catch up with him on Google+.

It is reported that yesterday the European Space Agency (ESA) website was compromised by a hacker, opening up sensitive project logs and exposing hundreds of email addresses and passwords associated with some of Europe’s top science institutes.

The hacker, known by the alias TinKode, posted a full disclosure of the attack on his website, highlighting FTP accounts, database users, hashed passwords as well as SHA1-hashed server root password. Perhaps a little more worrying for the ESA was that fact the attacker was also able to access some of the agency’s space projects including satellite activities, calibration sources and environmental details.

Despite showcasing the data stolen in the attack, the hacker did not disclose how the ESA website was compromised.

Administrator and editor credentials were discovered to be in plain text, as were user email addresses and passwords, which look to consist of serveral CERN science institute employees, staff at defence corporation BAE Systems and many other contractors and companies linked to the agency.

In an edit to the blog post, TinKode notes that an email had been sent to the European Space Agency, notifying them of the breach. At the time of writing, the website remains live, suggesting ESA employees have identified and patched issues allowing unauthorised access.