The European Space Agency (ESA) has confirmed a cyberattack on its official online store, which took place on December 24, 2024. The attack involved the injection of a malicious JavaScript code into the checkout process of the ESA merchandise site. This script generated a fake Stripe payment page that appeared legitimate to customers, leading them to unknowingly enter sensitive payment card information. The attack was detected by e-commerce security company Sansec, which identified the unauthorized script and issued a warning regarding the security breach.
The malicious script was designed to collect payment card data at the final stage of the purchase process. The attackers used a domain similar to the legitimate store’s but with a different top-level domain (.pics instead of .com) to exfiltrate the stolen information. The fake Stripe page appeared to be part of the ESA store, which likely led many users to believe their payment information was securely processed. Security experts from Source Defense Research confirmed the findings, further verifying that the fake payment page was served from ESA’s official website.
Following the detection of the breach, ESA’s web store became temporarily unavailable, displaying a message that it was “temporarily out of orbit.” The agency clarified that the store was not hosted on its own infrastructure and that ESA does not manage the data collected by the online store. This indicates that the store is operated by a third-party vendor, potentially complicating the security of sensitive customer information. However, ESA did not provide further details on the vendor or the extent of the attack.
In response to the attack, ESA assured the public that no data was directly managed by the agency and that they would continue to investigate the breach. The compromised store highlights the risks organizations face when relying on third-party systems for handling customer data. Although the malicious script has been removed, the incident underscores the importance of maintaining robust security measures in e-commerce platforms to protect against cyberattacks that can compromise sensitive financial data.
