A tiny Raspberry Pi computer has been used to steal sensitive data from NASA's Jet Propulsion Laboratory (JPL), it has emerged.
The credit card-sized computer costs around £30, and has been promoted as a way to teach basic computer science in schools.
However, one of the devices found its way onto the JPL network and has been used to steal 23 files containing approximately 500 MB of data.
NASA said two of the files that were taken contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission.
These files are particularly sensitive because they deal with the international transfer of restricted military and space technology.
The hacker reportedly gained access to the JPL internal network via the Raspberry Pi by hijacking its user account.
Once inside, he or she was able to exploit weaknesses in JPL's system of security controls to move around undetected, gaining access to two of the three primary JPL networks.
The attacker went undetected for about 10 months before the Raspberry Pi was discovered. He or she has still not been identified or caught.
The audit process revealed several other devices on the JPL network that system administrators did not know about. However, none of these are believed to be malicious.
In its audit report , NASA admitted that "multiple IT security control weaknesses reduce JPL's ability to prevent, detect, and mitigate attacks targeting its systems and networks".
These vulnerabilities "place JPL at risk of cyber intrusions resulting in the theft of critical information".
The US space agency is now taking steps to tighten up its cyber security defences, to prevent a repeat of the hack.