A news report by HackRead reported a hacker using the alias 888 posted on DarkForums on 18 December 2025 offering more than 200 GB of internal data said to belong to the European Space Agency.
KEY FACTS
- Incident Data breach claimed affecting the European Space Agency
- Actor Alias 888 posted on DarkForums
- Date 18 December 2025
- Data More than 200 GB of internal development and documentation assets
- Status The agency had not issued a public statement at the time of publication
The post offers the material as a one time package with payment requested in Monero.
Screenshots attached to the post show internal configuration files referencing hosts ending in esa.int, SMTP settings, database connection details, Bitbucket project views and Jira entries listing subsystem requirements.
Some documents in the screenshots carry partner branding and detailed engineering diagrams covering spacecraft reference frames and subsystem descriptions formatted as official deliverables.
The report has not been independently verified. The agency had not issued a public statement at the time of publication.
WHY IT MATTERS
Exposed source code, CI CD pipelines, credentials and infrastructure definitions can reveal an attack surface for follow on intrusions or supply chain abuse. Without independent verification or an agency comment the scale of risk remains uncertain.