Overview
- ESA said a very small number of servers located outside its corporate network were affected and support unclassified collaborative engineering work.
- The agency reported no impact to classified or highly sensitive mission systems as containment and forensic analysis continue.
- A BreachForums user known as 888 claimed to have exfiltrated about 200 GB, including private Bitbucket repositories, source code, CI/CD data, API and access tokens, and hardcoded credentials, a claim not independently verified.
- ESA said it has implemented short-term remediation, secured potentially affected devices, and notified relevant stakeholders pending further updates.
- Security experts cautioned that exposure of development artifacts could be used to probe for supply-chain compromises, a risk consistent with ENISA findings on space-sector vulnerabilities.