Unknown hackers have compromised several sites and subdomains belonging to the European Space Agency (ESA), capturing details about the organisation's management and subscribers.
The attackers posted the leaked data to Justpaste.it, and gave the motivation for the attack as "Lulz" - or hacking just for the fun of it.
ESA's Data User Element (due.esrin.esa.int) training site was compromised, along with the domains with information on the robotic exploration of the planet Mars (exploration.esa.int) and the agency's science and technology news page (sci.esa.int).
Names, addresses, phone numbers and affiliations of numerous ESA staffers were posted to the paste site, and sighted by iTnews.
Another database containing over 8000 names, email addresses and passwords of "oc_4 subscribers" was also leaked. The vast majority of the passphrases were very simple, with over 3000 comprised of just three digits.
The structure of the DUE site was also posted by the attackers, revealing that ESA is using the Debian 7.0 "Wheezy" Linux distribution, the Apache 2.2.22 webserver with PHP 5.4.4, and MySQL 5.0.0 or greater database.
Anonymous is thought to have used a blind strucutured query language (SQL) injection attack that asks the site database a series of true or false questions, to determine the data based on the application response.
There has been no comment so far from the ESA on the hack.
The hack comes on the cusp of the launch of the Principia mission to the International Space Station, scheduled to take place today.
