In the newest spectacular installment of “who's mad at Elon Musk now,” SpaceX has apparently been hacked.
According to a BreachForums post by a user identified “l33tfg,” the aerospace giant's personnel data has been compromised.
The hacker, obviously not a fan of Musk, labeled the breach with a poetic statement:
“Today I present data from SpaceX, because f*** you Elon Musk, that's why LOL.“
Yes, this appears to be what cybersecurity beefs will look like in 2024.
The hacker claims that the dump includes SpaceX employees' emails, hashed passwords, phone numbers, host names, and IP addresses.
But before you go locking down your favorite space memes, there's one catch: we're not sure whether it's true. SpaceX has yet to respond, and the hacker isn't providing believable explanations either.
We contacted SpaceX for verification, and still refreshing our mail as we speak.
However, based on our observations, the data appears to quite “not fake”. Although the database we analyzed contained a large number of “null” values.
However, some of the employee email addresses correspond to names from SpaceX staff profiles on LinkedIn.
Nothing says “legit” like a LinkedIn match, right?
In addition to emails, the leaked material appears to include real host names, mail servers, and even the company's corporate communication tools .
If that isn't enough, there are code names that indicate internal platforms for task management and other processes.
There are even suggestions of integrations with other services, such as Microsoft's Fastly CDN and Shopify.
Although what’s weird about the database is the pile of email accounts allegedly of Elon Musk.
Does he just make a new account every time he forgets a password, or is this some new form of billionaire multitasking?
The hacker commented on Hackedose: “I have no real beef with Elon, I just said it for the lulz.”
They also claimed to have accessed the data using scraping and phishing attempts, and while they will not go into detail, the leak will nonetheless affect SpaceX.
The hacker calls into question how much SpaceX really invests in their security.
We'll keep you updated if SpaceX decides to take action and address the situation.
This is hardly SpaceX's first issue. Back in May 2024, cybersecurity firm iZOOlogic detected another hack, raising concerns about SpaceX's internal security.
Whether or not this current event is credible, SpaceX's cyber protections appear to be under scrutiny once more.
I am l33tfg
I have no real beef with elon, I just said it for the lulz
I obtained the data through scraping and phishing attacks lets just say
I wont get into specifics, but It will still do obvious harm to spaceX having that info leaked,
This calls into question how much SpaceX invests into there security
Thank you for your response! I’ll include this in the story. Could you also share your thoughts on the White House leak?
Are you writing an article about the white house leak I posted?
if so, I got it through the same methods as this, except its security was surprisingly worse then SpaceX, over a thousand emails where left open in a directory, I think if your a government of the so called “most powerful nation” you should really no better then that, and that’s something I cant get behind.
I do still hate elon, as with all greedy billionaires who make profit from child labor, but never had a specific grudge, because thats a rather strong word
Thanks for the quick response!
As for the White House leak, we’re holding off on publishing a piece for now, as it’s a sensitive topic. Also, we came across some unusual email addresses like traitor@whitehouse[.]gov and malewh*re@whitehouse[.]gov—could you share your thoughts on those?
Regarding the current headline of this story, we maintain a rather “unique” editorial style to keep things lively, but if the headline doesn’t suit you, we can definitely adjust it to something more neutral or toned down.
Okay, I know there is a general flaw in some SMTP servers that can allow people to register email addresses under a domain, and whitehouse.gov is a domain that has existed since the 1990’s, and the log I found on the exposed directory was every email registered on the domain, and so it wouldn’t surprise me if somebody at some points in time registered fake emails under the domain whitehouse.gov to troll people
the email is legit though, I did use a checker https://email-checker.net/check
and all the troll emails no longer exist
this thing is common with Misconfigured Email Services, which the white house seems to have patched, but the records logs that they where created where still there