Cyber Incident Victim: National Aeronautics and Space Administration

On July 6, 2016, the official Twitter account for NASA’s Kepler mission was compromised by unauthorized actors. The account, used to share updates about the spacecraft’s search for habitable planets in the Milky Way, posted at least one explicit tweet containing an image of a butt and a suspicious hyperlink. The unauthorized content also appeared embedded on the Kepler mission’s official NASA website due to Twitter feed integration, amplifying its visibility beyond social media platforms. The incident represented a visible breach of a government-affiliated scientific communication channel, though the exact method of compromise (e.g., credential theft, phishing, or platform vulnerability) was not disclosed publicly. No additional disruptive actions, such as data deletion or prolonged account control, were reported beyond the pornographic tweet and link.

The hack aligned with a broader pattern of high-profile Twitter account takeovers by pornographic spam operators during this period, as documented by cybersecurity firm Symantec’s analysis of 2,500 similar incidents months earlier. NASA regained control of the @NASAKepler account by 10:57 AM EST on the same day, restoring normal operations without elaborating on technical remediation steps. The agency did not confirm whether other systems or accounts were targeted, nor did it identify the perpetrators or their motives. While the incident disrupted official communications temporarily, no evidence suggested compromise of Kepler’s flight systems or scientific data. The breach underscored vulnerabilities in social media account security even within rigorously managed government programs, though its operational impact remained confined to reputational and public relations dimensions.