European Space Agency website and FTP servers hacked

The European Space Agency’s website has been hacked on Sunday by a Romanian going by the handle TinKode, who documented the hack on his personal blog and made public the root password and a number of FTP accounts, email addresses and passwords for administrators and editors.

He has not revealed the method he used to hack the site, and has also partially obscured the passwords matching the list of usernames and email accounts he published, but left the proxy usernames and passwords. Judging by the email addresses, a number of users seem affiliated with the CERN science institute, BAE defense systems, and a great number of European universities.

According to The Register, an ESA spokesman has revealed that the hack compromised only several Internet-facing FTP servers dedicated to sharing data between the Agency and its partners. The Agency has taken its FTP servers offline, reset the compromised passwords and notified the users of the incident.

Softpedia reports that the attack was executed to celebrate the anniversary of the safe landing of Apollo 13 on April 17, 1970. The 13 FTP accounts leaked are a nod to the mission’s number.

TinKode is a well-known handle to security professionals and hackers alike. He regularly reveals his high-profile hack on his personal blogs, and among his past victims are MySQL.com, Sun Microsystems, Google, YouTube, Reuters, the British Royal Navy and a number of US army and government sites.