The European Space Agency (ESA) confirmed a security breach affecting unclassified science servers after reports of a leak on social media.

A threat actor claimed to have stolen about 200 GB of data, including source code, access tokens, configuration files, and hardcoded credentials.

Screenshots suggest the compromised material may involve subsystem requirements for the Ariel exoplanet mission and some Airbus spacecraft documents marked “confidential.”

ESA stated that only a small number of science servers—outside its corporate network—appear affected and that the servers are used for collaborative scientific activities, Space News has reported.

The agency has notified stakeholders and implemented short-term measures to secure the potentially impacted systems, similar to a December 2024 online shop incident hosted externally.