ESA hack did not breach internal network

The European Space Agency has said that although usernames and passwords were taken, the intrusion did not breach its internal network or main site
Written by Jack Clark, Contributor on

The European Space Agency has confirmed that a hacker entered its FTP servers and took sensitive data, including hundreds of passwords.

The data breach exposed more than 200 usernames, passwords and email addresses, as well as server logs, the agency said on Tuesday.

A Romanian hacker named 'TinKode' has claimed responsibility for the intrusion, publishing the details on his blog on Sunday.

However, the European Space Agency (ESA) played down the incident, saying that its internal network and main site were not placed at risk. The agency runs the space flight programme for 19 European countries, including the UK.

"The usernames and passwords that were leaked do allow access to specific mission information posted on external servers and made available to the users, so some risks were present... but the partitioning of the ESA networks prevented further dissemination of the threat," an ESA spokesman told ZDNet UK.

All those whose credentials were exposed have been notified, according to the agency. Based on data posted by TinKode, the incident did not only affect people within ESA, but also individuals with addresses from Swansea University, EADS-owned Dutch Space and others.

The hacked FTP servers were part of the ESA's "external services network", the agency's spokesman said. They were separated from one another and from other ESA networks through 'demilitarised zones' that isolated the user communities from one another, the spokesman said.

The intruder got into the FTP servers used by the scientific community to exchange information, such as astronomical observations, the spokesman said. These machines have now been taken offline.

The ESA spokesman could not give specific details on how the hacker got into its systems. However, he said that "on the basis of well-known hacking techniques", it could have been achieved by an attacker sniffing usernames and passwords stored in plaintext and captured while in transit, or via a vulnerability in the FTP software used by the space agency's servers.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Editorial standards