European Space Agency web store hacked to steal payment card information
The European Space Agency's (ESA) official web store has been compromised by hackers who injected malicious JavaScript code designed to steal payment card information through a fake Stripe payment page at checkout.
The attack was discovered by e-commerce security firm Sansec, which identified that attackers were using a domain mimicking the legitimate ESA store (esaspaceshop[.]pics versus the official esaspaceshop.com) to exfiltrate customer payment data. Source Defense Research later confirmed these findings after observing the fake Stripe payment page in action.
The malicious code rendered a convincing fake Stripe payment form at checkout. Because the form was served from the official ESA web store domain rather than from an obviously foreign host, it passed for the real Stripe checkout. At the time of the report the fake payment page was no longer displayed, but researchers noted that the malicious script was still present in the site's source code, so the skimmer could be reactivated.
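The attack described above has two observable fingerprints: a script on the checkout page that is not one of the store's own, and a lookalike domain (same label, different TLD) receiving data that should only ever go to the store or to Stripe. The following Python check is an added example, not code from the article, Sansec or Source Defense. It extracts every host referenced by `<script src>` tags and by URL literals inside inline scripts, classifies each against an assumed allowlist, and reports lookalikes. The sample HTML, the allowlist and the `checkout_csp` policy are constructed for illustration; the inline script in the sample only carries the shape of an exfiltration target (a URL on the lookalike domain), not skimmer logic.

```python
"""Added example: first-pass detection of a skimmer's exfiltration target on a
checkout page, plus a CSP that would have refused the exfiltration. Constructed
sample data; not code from the article, Sansec or Source Defense."""
import re
from urllib.parse import urlsplit

# Assumed allowlist: the store's own domain plus the Stripe hosts it legitimately uses.
LEGIT_DOMAINS = {"esaspaceshop.com", "stripe.com", "js.stripe.com", "api.stripe.com"}

# Constructed sample page (not captured from the real store). The inline script
# only holds a URL literal on a lookalike domain; it is not a skimmer.
SAMPLE_HTML = """<html><head>
<script src="https://js.stripe.com/v3/"></script>
<script src="https://esaspaceshop.com/static/checkout.js"></script>
</head><body>
<form id="payment-form"></form>
<script>
  var target = "https://esaspaceshop.pics/api/collect";
</script>
</body></html>"""

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.I)
URL_RE = re.compile(r"""https?://[^\s"'<>()]+""", re.I)


def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def extract_hosts(html):
    """Hosts referenced by script src attributes and by URL literals in inline scripts."""
    hosts = set()
    for attrs, body in SCRIPT_RE.findall(html):
        for url in SRC_RE.findall(attrs) + URL_RE.findall(body):
            host = urlsplit(url).hostname
            if host:
                hosts.add(host.lower())
    return hosts


def classify(host, allow=LEGIT_DOMAINS):
    """('allowed', matched) if host is an allowlisted domain or a subdomain of one;
    ('lookalike', impersonated) if its second-level label copies an allowlisted
    domain under a different TLD; otherwise ('unknown', None)."""
    host = host.lower()
    for a in sorted(allow):
        if host == a or host.endswith("." + a):
            return "allowed", a
    label = registrable(host).split(".")[0]
    for a in sorted(allow):
        if registrable(a).split(".")[0] == label:
            return "lookalike", a
    return "unknown", None


def suspicious(html, allow=LEGIT_DOMAINS):
    """Hosts on the page that are not allowlisted, lookalikes listed first."""
    found = {h: classify(h, allow) for h in extract_hosts(html)}
    flagged = [h for h, (verdict, _) in found.items() if verdict != "allowed"]
    return sorted(flagged, key=lambda h: (found[h][0] != "lookalike", h))


def checkout_csp(allow=LEGIT_DOMAINS):
    """Assumed Content-Security-Policy for the checkout page: scripts, fetch/XHR,
    images, form posts and frames may only reach 'self' and the allowlisted hosts.
    No 'unsafe-inline', so an injected inline <script> is refused. img-src is
    restricted too because skimmers also exfiltrate through image beacons, which
    connect-src does not cover."""
    srcs = " ".join("https://" + a for a in sorted(allow))
    return ("default-src 'self'; "
            f"script-src 'self' {srcs}; "
            f"connect-src 'self' {srcs}; "
            f"img-src 'self' data: {srcs}; "
            f"form-action 'self' {srcs}; "
            f"frame-src {srcs}")


if __name__ == "__main__":
    for host in sorted(extract_hosts(SAMPLE_HTML)):
        print(host, *classify(host))
    print("suspicious:", suspicious(SAMPLE_HTML))
    print(checkout_csp())
```

Two caveats a practitioner should keep in mind. First, real skimmers usually assemble the exfiltration URL from fragments or decode it at runtime, so a literal-URL scan is a first pass; the authoritative check is diffing the HTML and JavaScript actually served at checkout against what was deployed. Second, a CSP only helps if it is set as a response header at the origin or CDN edge, not as a `<meta>` tag an attacker with write access to the page can simply remove, and the store's own legitimate inline scripts must then carry nonces or hashes, since the policy above drops `'unsafe-inline'`.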
The ESA web store has since been taken offline and displays a message that it is "temporarily out of orbit." The agency clarified that the store is not hosted on its infrastructure and that it does not manage the associated data; WHOIS records support this, showing different ownership for ESA's main domain (esa.int) and the compromised web store domain.
The total number of affected customers and the financial impact of the breach have not been publicly disclosed.