Criminals have hacked the European Space Agency (ESA) just to show it could be done, with no plans to actually do anything malicious with the data they released.

In fact, the hackers said the motivation for the attack was "lulz", despite them stealing the details of 8,000 researchers and supporters of the organisation including full names, fax numbers, phone numbers, addresses, email addresses and the name of the organisation or employer they belonged to.

52 of these people were internal ESA users.

The details were leaked in three separate posts online and apparently originated from ESA subdomains including sci.eas.int, exploration.esa.int, and due.esrin.ease.int.

The criminals used a blind SQL vulnerability to gain access to the ESA's database, which then allowed them to steal the details of the victims.

However, the leak revealed that those involved with the ESA aren't particularly secretive when it comes to inventing passwords, with many of them comprising just three characters, mostly number combinations.

Additionally, analysis of the information showed 39 per cent of the leaked passwords comprised of three digits, while 16 per cent were eight-character codes. The longest password had 24 characters, making it well-secured, yet there were only 22 records with 20-character passwords attached to them.