It is reported that yesterday the European Space Agency (ESA) website was
compromised by a hacker, opening up sensitive project logs and exposing
hundreds of email addresses and passwords associated with some of Europe?s
top science institutes.
The hacker, known by the alias TinKode, posted a full disclosure of the
attack on his website, highlighting FTP accounts, database users, hashed
passwords as well as SHA1-hashed server root password. Perhaps a little
more worrying for the ESA was that fact the attacker was also able to
access some of the agency?s space projects including satellite activities,
calibration sources and environmental details.
Despite showcasing the data stolen in the attack, the hacker did not
disclose how the ESA website was compromised.
Administrator and editor credentials were discovered to be in plain text,
as were user email addresses and passwords, which look to consist of
serveral CERN science institute employees, staff at defence corporation
BAE Systems and many other contractors and companies linked to the agency.
No comments:
Post a Comment