
Forum User Claims NASA WordPress Endpoint Exposed 3,970 Draft Content Records

A forum user claims access to NASA systems, alleging exposure of unpublished content, employee emails, mailing lists, and internal infrastructure data.
A forum user claims to have accessed NASA systems and published alleged proof including references to unpublished content records, employee email addresses, and internal infrastructure. BreachNews has not independently verified the claims.

A forum user is claiming to have compromised NASA infrastructure and leaked internal data, including unpublished website content, employee email addresses, mailing lists, database records, and information allegedly related to development and staging systems.

The post was published on a cybercrime forum on June 11. The seller claims to have maintained long-term access to NASA systems and describes the alleged compromise as evidence that NASA’s infrastructure is “rotten to the core.”

The claims remain unverified. NASA had not issued any public statement at time of publication, and BreachNews could not independently verify the authenticity of the alleged data or the extent of any access described in the post.

Seller claims unpublished NASA content exposure

The forum user alleges that an unauthenticated information disclosure vulnerability exposed unpublished content through a NASA WordPress API endpoint.

According to the post, the alleged exposure contains 3,970 unpublished content items across more than 30 content types, including blogs, topics, galleries, events, mission-related content, podcasts, press releases, and other website resources.

The seller further claims that several content identifiers referenced in the data return authorization errors through standard public interfaces, which they present as evidence that the material was not intended for public access.
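For a site operator who wants to test their own endpoints for this class of exposure, the comparison described in the post (items returned by a custom endpoint versus what the standard interface allows) can be run as a regression check. This is an added example, not code from the forum post, BreachNews, or NASA; the field names, IDs, and status codes are constructed sample data.

```python
import json
from collections import Counter

# Constructed sample: what an unauthenticated request to a hypothetical custom
# endpoint on your own site returned. Field names are assumptions.
CUSTOM_ENDPOINT_ITEMS = json.loads("""[
  {"id": 101, "type": "post",          "status": "publish"},
  {"id": 102, "type": "press-release", "status": "draft"},
  {"id": 103, "type": "event",         "status": "future"},
  {"id": 104, "type": "gallery",       "status": "publish"},
  {"id": 105, "type": "podcast",       "status": "publish"},
  {"id": 106, "type": "topic"}
]""")

# Constructed sample: HTTP status the standard public interface returned for
# the same IDs without credentials (106 was not probed).
STANDARD_INTERFACE_STATUS = {101: 200, 102: 401, 103: 401, 104: 200, 105: 403}

PUBLIC_STATUSES = {"publish"}   # WordPress status for published content
DENIED_CODES = {401, 403}       # authorization errors


def find_exposed(items, standard_status):
    """Return items an anonymous caller received but should not have."""
    findings = []
    for item in items:
        reasons = []
        status = item.get("status")  # a missing status is treated as non-public
        if status not in PUBLIC_STATUSES:
            reasons.append(f"status={status!r}")
        code = standard_status.get(item["id"])
        if code in DENIED_CODES:
            reasons.append(f"standard interface returned {code}")
        if reasons:
            findings.append({"id": item["id"], "type": item.get("type"), "reasons": reasons})
    return findings


def count_by_type(findings):
    """Group findings by content type to show which post types leak."""
    return dict(Counter(f["type"] for f in findings))


if __name__ == "__main__":
    exposed = find_exposed(CUSTOM_ENDPOINT_ITEMS, STANDARD_INTERFACE_STATUS)
    for f in exposed:
        print(f["id"], f["type"], "; ".join(f["reasons"]))
    print(count_by_type(exposed))
```

Item 105 shows why the cross-check matters: its status field reads as published, yet the standard interface denies it, so a status-only filter would miss it.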

The actor also attached an archive named nasadata.zip, describing it as supporting material for the alleged compromise. BreachNews did not download or analyze the archive and cannot verify its contents.

The screenshot below was provided by the seller as purported proof of access. It appears to show the output of a script querying a NASA WordPress API endpoint and allegedly retrieving unpublished content metadata.

Screenshot shared by the seller allegedly showing an unauthenticated request to a custom NASA WordPress API endpoint that purportedly exposed 3,970 unpublished content items.

Post includes sweeping infrastructure and zero-day claims

Beyond the alleged NASA data exposure, the forum post contains a series of extraordinary claims that would represent significant cybersecurity developments if proven authentic.

The seller claims to possess architectural techniques capable of bypassing security controls associated with major cloud and content delivery providers, including Google, AWS, and Cloudflare. The post also references alleged Windows kernel and Chromium browser zero-day vulnerabilities purportedly capable of privilege escalation and browser sandbox escape.

No technical evidence was provided publicly to substantiate those claims, and the post does not include vulnerability details sufficient for independent verification.

The actor additionally claims the alleged compromise exposed internal infrastructure information, including development and staging environments and internal APIs.

Emails and mailing lists reportedly included

The forum post claims the dataset contains 412 email addresses belonging to NASA and Jet Propulsion Laboratory personnel, along with 77 departmental mailboxes and 20 internal mailing lists.

The seller also alleges possession of WordPress database information containing author identifiers, internal GUID values, password-related fields, and unpublished content records.

BreachNews is not publishing any email addresses, internal identifiers, or other potentially sensitive information referenced in the post.

While the claims could indicate access to website content management systems if authentic, the available evidence does not currently establish whether any internal NASA networks or mission systems were compromised.

Claims of persistent access remain unverified

The seller framed the alleged breach as a long-term compromise, claiming they had remained inside NASA infrastructure without detection. The post also references previous alleged intrusions involving other major organizations, though no evidence was provided to substantiate those statements.

One section of the listing adopts a notably theatrical tone, claiming the incident demonstrates that “no fortress is impregnable” before asserting that NASA’s infrastructure had been completely “subjugated.” The same post concludes with the statement: “Because we can, and because the world needs to see how fragile your security truly is.”

Such rhetoric is common in cybercrime forum posts and does not constitute proof that the alleged compromise occurred.

Authenticity remains the key question

The strongest evidence provided publicly consists of screenshots that appear to show unpublished content metadata associated with NASA’s web infrastructure. However, screenshots alone cannot establish the scope of access, the source of the information, whether the data is current, or whether any broader compromise occurred.

The seller’s additional claims regarding internal infrastructure access, employee information, and multiple zero-day vulnerabilities would require substantially more evidence before they can be considered credible.

The forum user behind the claim has previously been linked to other high-profile allegations, including a recent claim involving alleged access to Wickr Enterprise administrative systems that BreachNews covered previously. As with that incident, the latest NASA-related claims remain unverified.

At time of publication, NASA had not issued any public statement addressing the allegations.


m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.
