ESA Online Store Compromised by Web Skimmer
The official online store of the European Space Agency (ESA) has been hacked, resulting in the injection of malicious JavaScript code that created a fake Stripe payment page. According to researchers from Sansec, the harmful script appeared on the site earlier this week. It collected customer information, including payment card details, entered during the final stage of checkout.
Details of the Attack
Sansec notified ESA representatives that the store had been compromised and could pose a risk to agency employees, as it was integrated with ESA systems. Currently, the store, which sells ESA merchandise, is offline and reportedly “temporarily out of orbit” for updates.
Researchers noted that the domain used to exfiltrate information had the same name as the legitimate store but was registered in a different domain zone. The official ESA store is located at esaspaceshop.com, while the hackers used the same name in the .pics zone (esaspaceshop[.]pics).
How the Skimmer Worked
The attackers’ script contained obfuscated HTML code from the Stripe SDK, which loaded a fake payment page when customers tried to complete their purchases. The fake page was designed to look legitimate and did not appear suspicious to users.
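The two details above that a defender can act on are the lookalike exfiltration domain (the store's own name registered under a different TLD) and the fact that the skimmer fired on the checkout page. The following is an added example, not code from the article, from Sansec or from ESA: it classifies the hostnames of requests observed during a checkout (for instance from a browser's resource-timing entries or a proxy log) and flags any host that reuses the store's label outside the legitimate domain. The sample request list is constructed, the `/collect` path is made up, and the helper assumes the legitimate domain is a plain registrable name such as `esaspaceshop.com` (a production check would consult the Public Suffix List).

```javascript
// Added example (not from the article, Sansec or ESA): flag outbound request
// hosts that reuse a store's domain label under another TLD, the pattern
// described for esaspaceshop[.]pics versus the real esaspaceshop.com.

const LEGITIMATE_STORE = "esaspaceshop.com";

// Normalise a hostname into its DNS labels, lower-cased, trailing dot removed.
function hostLabels(hostname) {
  return hostname.toLowerCase().replace(/\.$/, "").split(".");
}

// True when `hostname` is the legitimate store or one of its subdomains.
function isFirstParty(hostname, legit = LEGITIMATE_STORE) {
  const host = hostname.toLowerCase();
  return host === legit || host.endsWith("." + legit);
}

// True when `hostname` is NOT first party but still carries the store's
// registrable label somewhere in its name, e.g. esaspaceshop.pics or
// esaspaceshop.com.evil.example. Assumption: `legit` is a two-label
// registrable domain, so its first label is the brand label.
function isLookalike(hostname, legit = LEGITIMATE_STORE) {
  if (isFirstParty(hostname, legit)) return false;
  const brandLabel = legit.toLowerCase().split(".")[0];
  return hostLabels(hostname).includes(brandLabel);
}

// Sort observed request URLs into first-party, allow-listed third-party
// (e.g. the real payment provider), lookalike, and unknown. Unparseable
// entries land in `unknown` rather than being silently dropped.
function classifyRequests(urls, { legit = LEGITIMATE_STORE, allowList = [] } = {}) {
  const result = { firstParty: [], allowed: [], lookalike: [], unknown: [] };
  for (const url of urls) {
    let host;
    try {
      host = new URL(url).hostname;
    } catch {
      result.unknown.push(url);
      continue;
    }
    if (isFirstParty(host, legit)) {
      result.firstParty.push(url);
    } else if (isLookalike(host, legit)) {
      result.lookalike.push(url);
    } else if (allowList.some((a) => host === a || host.endsWith("." + a))) {
      result.allowed.push(url);
    } else {
      result.unknown.push(url);
    }
  }
  return result;
}

// Constructed sample of requests seen during a checkout. The .pics host is the
// pattern the article reports; the path and the other third-party hosts are
// invented for the example.
const SAMPLE_REQUESTS = [
  "https://esaspaceshop.com/checkout/",
  "https://static.esaspaceshop.com/js/app.js",
  "https://js.stripe.com/v3/",
  "https://esaspaceshop.pics/collect",
  "https://cdn.example-analytics.net/tag.js",
  "not a url",
];

// Only the genuine payment provider is expected to receive card data.
const PAYMENT_ALLOW_LIST = ["stripe.com"];

function runSample() {
  return classifyRequests(SAMPLE_REQUESTS, { allowList: PAYMENT_ALLOW_LIST });
}

// Anything in `lookalike` (or an unexpected host in `unknown`) during the
// payment step is the signal to investigate.
console.log(JSON.stringify(runSample(), null, 2));
```

The same first-party/allow-list split maps directly onto a Content-Security-Policy: a `connect-src` and `form-action` limited to the store and its payment provider would have stopped a browser from posting card data to a `.pics` host even if the injected script ran.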
ESA’s Response
As reported by Bleeping Computer, ESA representatives stated that the store is not hosted within the agency’s infrastructure, that ESA does not manage its data, and that ESA does not own the resource.