More or less. Unless it's something to do with the employee's privacy or something to that effect. Doesn't mean the criminals are the good guys here, since they're trying to make bank on it instead of releasing it to the public -- if it's something that the public has an interest in.
No, not really. The science products eventually become public (after 1st access right by contributing nations). But why would the API keys (for instance) ever be public?
It's noncritical infrastructure by every definition and data was already stolen, waking up a PR guy to put something on their page is a waste of everyone's time
Was going to ask what's the data, but
> Compromised Data: Source Codes, CI/CD Pipelines, API Tokens, Access Tokens, Confidential Documents, Configuration Files, Terraform Files, SQL Files, Hardcoded Credentials and more!
Yeah, right. No wonder nobody bothered to buy and take a look. More of an insult to ESA, than a "data breach".
> Compromised Data: Source Codes, CI/CD Pipelines, API Tokens, Access Tokens, Confidential Documents, Configuration Files, Terraform Files, SQL Files, Hardcoded Credentials and more!
And who is going to buy this (useless) data exactly? (half joking)
Pay them a one-way ticket into space.
Shouldn't this data be public anyway?
More or less. Unless it's something to do with the employee's privacy or something to that effect. Doesn't mean the criminals are the good guys here, since they're trying to make bank on it instead of releasing it to the public -- if it's something that the public has an interest in.
Terraform files? Seems waste of time to have to make it public.
No, not really. The science products eventually become public (after 1st access right by contributing nations). But why would the API keys (for instance) ever be public?
> didn't hear back, with an automated response informing us that the Agency's offices are closed for the New Year holiday
This is so on-brand for EU organizations.
You say that as if it's a bad thing?
In this context (massive data breach) - it is.
It's noncritical infrastructure by every definition and data was already stolen, waking up a PR guy to put something on their page is a waste of everyone's time
Ah yes, responding to the media during holidays will make the data crawl back to their servers!
If this were a private business, people would be piling on and calling for the executives to face a firing squad.
"People" here meaning in particular the types that frequent this very message board.
You can find a certain group of people to pile on for anything.
What does their comms team have to do with the massive data breach?
Answers. These guys can provide answers to the public.
Are these answers so critical they're needed on a holiday?
I don't know. There's nobody in the comms team to answer this question.