Hacker Claims European Space Agency Breach, Selling 200GB of Data

A hacker using the alias 888 is claiming responsibility for a major data breach affecting the European Space Agency (ESA), alleging theft of more than 200 GB of internal data. The claim surfaced on DarkForums, where the actor states the attack occurred on 18 December 2025 and resulted in the full exfiltration of private development and documentation assets.

The material advertised for sale is described as a one-time package, with payment requested exclusively in Monero (XMR). According to the post, the data includes private Bitbucket repositories, internal documentation, infrastructure definitions, and sensitive credentials.

Sample Screenshots Analysed

Screenshots shared by the hacker show what appears to be internal ESA-related environments. One image shows a build.properties.dev configuration file referencing PSA ingestion workflows, internal hosts ending in esa.int, SMTP settings, and database connection details.

Several fields are redacted in the screenshots ...