The Web site of the European Space Agency (ESA) has been hacked into and a list of FTP accounts, as well as email addresses and passwords for administrators and editors have been leaked. The www(dot)esa(dot)int Web server was compromised by a well-known Romanian grey hat hacker who uses the online moniker of TinKode. The hacker posted details of the compromise on his blog in full disclosure style. However, the method he used was not revealed. The published data includes FTP accounts for a range of ESA subsites with passwords in clear text. A list of database users with hashed passwords was also disclosed, together with the SHA1-hashed server root password. The site administrator and editor credentials were exposed in plain text, as well as email addresses and passwords corresponding to Web site user accounts. The passwords are in readable form, but TinKode took the measure of partially hiding them before publishing. There is also a list of associated proxy user names and passwords. At the time of writing this article the www(dot)esa(dot)int Web site remains on line so it is not clear if the agency was alerted of the compromise in advance or not. TinKode is known for exposing vulnerabilities in high profile Web sites, the latest of which was an SQL injection in MySQL.com. Softpedia has learned April 18 that the hack was intended to mark the anniversary of the Apollo 13 crew‘s safe return to Earth on April 17, 1970, after failing to land on the Moon. The hacker leaked 13 FTP accounts, matching the mission‘s number.