What you need to know – Anonymous strikes the European Space Agency

Dec 14, 2015 By Amit Ashbel

Members of “Anonymous” have breached a number of sub-domains of the European Space Agency website and leaked personal details and login credentials of thousands of subscribers and officials. The leaked data includes full names, email addresses, office addresses, institution names, phone numbers and fax numbers, and in many cases clear-text passwords have also been exposed. Overall, more than 8,000 subscribers’ data has been exposed.


The hackers exploited a blind SQL injection vulnerability to access the back-end of the sub-domains and exfiltrate data from the database.


Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the application’s response.


While the direct impact of the breach is not yet clear, incidents such as these may be used as an initial step to launch further cyber-attacks. The information could be used to execute spear phishing attacks on key people within the organizations and gain sensitive data to carry out further attacks.


The attack stresses the importance of tight security measures for web applications. In this case, a blind SQL injection was used, a flaw that could easily be addressed and prevented by analyzing the application code in advance using a static application security testing solution.
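The true/false behaviour described above, and the code-level fix a reviewer or static analysis tool would ask for, shown as an added example that is not from the original post or the affected site. The table, the function names and the sample record are assumptions, built on an in-memory SQLite database.

```python
import sqlite3


def make_db():
    # Constructed sample data; nothing here comes from the incident.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT, password TEXT)")
    db.execute(
        "INSERT INTO subscribers VALUES ('alice@example.org', 'constructed-secret')"
    )
    return db


def is_subscribed_vulnerable(db, email):
    # Vulnerable pattern: user input is concatenated into the SQL text,
    # so the database parses characters from the input as query syntax.
    query = "SELECT 1 FROM subscribers WHERE email = '" + email + "'"
    return db.execute(query).fetchone() is not None


def is_subscribed_safe(db, email):
    # Hardened pattern: the input is bound as a parameter and is only
    # ever compared as a string value, never parsed as SQL.
    query = "SELECT 1 FROM subscribers WHERE email = ?"
    return db.execute(query, (email,)).fetchone() is not None


def oracle_demo():
    # Two inputs that differ only in an appended always-true or
    # always-false condition. If the page's answer changes between them,
    # the application is answering true/false questions for the caller.
    db = make_db()
    true_input = "alice@example.org' AND 1=1 --"
    false_input = "alice@example.org' AND 1=2 --"
    return {
        "vulnerable": (
            is_subscribed_vulnerable(db, true_input),
            is_subscribed_vulnerable(db, false_input),
        ),
        "safe": (
            is_subscribed_safe(db, true_input),
            is_subscribed_safe(db, false_input),
        ),
    }


if __name__ == "__main__":
    print(oracle_demo())
```

The concatenated query gives different answers for the two inputs, which is the signal a blind SQL injection relies on; the parameterized query treats both as ordinary non-matching strings.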


Amit Ashbel

Cyber Security Evangelist at Checkmarx
Amit Ashbel has been with the security community for more than a decade where he has taken on multiple tasks and responsibilities, including technical and Senior Product lead positions. Amit adds valuable product knowledge including experience with a wide range of security platforms and familiarity with emerging threats. Amit also speaks at high profile events and conferences such as Blackhat, Defcon, OWASP, and others.
