Deep Space Leak: 200GB of ESA and Airbus Code Put Up for Sale by Hacker “888”

by ddos · January 5, 2026

An advertisement has surfaced on the BreachForums forum offering a large data archive for sale. According to the seller, operating under the alias “888,” the dataset is linked to Bitbucket repositories used in projects associated with the European Space Agency. The volume of the data offered is estimated at approximately 200 gigabytes.

The listing was first noted by space and rocketry researcher Georgy Trishkin. In his assessment, the breach extends beyond purely scientific projects and includes defense-related developments connected to Airbus Defence and Space. The archive is described as containing internal technical documentation, source code, fragments of CI/CD infrastructure, and access credentials such as passwords, API tokens, and other highly sensitive information.

Data leaks of this magnitude are relatively rare, and their very scale significantly amplifies the associated risks. Bitbucket repositories are typically used for collaborative software and engineering development; as such, their compromise can lead not only to data exposure, but also to infrastructure takeover or the insertion of malicious changes into active projects.

According to Trishkin, the published screenshots indicate that the attacker does indeed possess proprietary materials. As an example, he cites data related to the JUICE scientific probe, a project to which Airbus specialists also contributed. At the same time, the full scope of the incident remains unclear. He notes that intrusions affecting space agencies or affiliated organizations are uncommon, and the decision to put such materials up for sale moves the situation beyond conventional industrial espionage, raising particularly serious concerns about who may ultimately acquire the data.

The European Space Agency has confirmed the incident. ESA stated that it is aware of the issue and has launched an internal investigation. According to the agency, the matter concerns a cyber incident affecting servers located outside its primary corporate network.

Preliminary findings suggest that the breach may have been limited to a small number of external servers used for unclassified collaborative engineering work on scientific projects. All relevant parties have been notified, and the investigation is ongoing. ESA has also emphasized that the incident does not involve classified information and has not impacted the agency’s core infrastructure.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal