Jokesters Attack European Space Agency Systems

Government (Foreign) // France

Hackers out for laughs claim to have breached personal data and computer system records at ESA.

Once the hacktivist group, which associates itself with Anonymous, copied the records, it posted the material onto a public document server and shared it among various people online.

The compromised records were taken from ESA subdomains, including due.esrin.esa.int, exploration.esa.int, and sci.esa.int.

According to HackRead, the group broke in through the common technique of exploiting a “blind SQL vulnerability,” a website code flaw that gave them further access to the site’s database.

A post accompanying the breached data says the ESA attack was for amusement (lulz) only.

Along with database schemas and server stats, a second post also included 8,107 names, email addresses, and passwords. A third post exposed contact details for various ESA supporters and researchers.

“Based on the posted list, an unfortunate detail becomes rather clear; either the passwords were poorly secured and easily reversed, or they were stored in clear text inside the database. Both of those options are bad news, but worse if the data was stored in the clear. Even if the subdomains are not critical to the ESA, the data should have been protected better,” CSO reports.