Breach, Compliance Management, Data Security, Privacy

David Beckham’s emails hacked and released after ransom refusal

David Beckham's emails were held hostage by hackers, according to UK newspaper the Daily Mirror. The 41-year-old football superstar's representatives reportedly refused to pay a ransom of €1 million (£860,000) and, as a result, had a number of emails published on Friday, initially by website Football Leaks and then by a number of European newspapers.

The ‘Beckileaks' came as part of a breach on sports and entertainment agency, Doyen Global, which has worked with a variety of leading sports stars such as Usain Bolt and Xavi Hernandez.

In total, 18.6 million emails on Doyen email servers were apparently accessed in 2015 and 2016 before the Beckham emails were handed over to and published by three European newspapers: Der Spiegel, L'Equipe and El Mundo.  

Doyen Sports, a subsidiary of Doyen Global, was apparently approached by someone last year using the name ‘Artem Lovuzov'. Lovuzov said that the leak was ‘a lot bigger than you imagine', before asking for between €500,000 (£431,000) and €1 million (£862,000) for all the information to be destroyed.

When no payment was received, Lovuzov apparently leaked to website Football Leaks which published the emails on Friday. .

The hack did not apparently target Beckham specifically, but was the result of a fishing expedition.

The emails supposedly contain embarrassing revelations about the former footballer. Chief among the details released is how Beckham hoped that his millions in donations to charities such as UNICEF might secure him a knighthood.  Several expletive laden messages reveal his ire at not being granted an honour, while Welsh opera singer, Katherine Jenkins was granted an OBE.

A Beckham's spokesperson has told press that the emails have been doctored and taken out of context to give a “deliberately inaccurate picture”.

Mark James, IT security specialist at ESET, told SC Media UK that ransom cases are tough:

“Celebrities are always going to be a high-level target when it comes to cyber-criminals and blackmail. In all cases of blackmail there is a chance that even if you do pay the initial payment there is nothing stopping the criminals from asking for more money once you have paid.”

Portuguese police, who have jurisdiction over the Portugal-headquartered Doyen, have apparently been investigating for 12 months. The Sun newspaper quoted one source as saying, “The cyber-crime unit is involved and they are taking it extremely seriously. It has gone right to the top.”

Jonathan Sander, VP of product strategy at Lieberman Software, applauded Beckham's decision. He told SC, “Cybercrime powered blackmail is a police matter and it's good that David Beckham treated it that way by going to the authorities. Too many people and organisations, faced with ransomware or more targeted cyber-crime, treat it like an IT issue, not a criminal affair. That hurts them and also hurts the overall community because it robs the authorities of a full view of the activities of the bad guys. There may be electronic fingerprints in one case that's never reported that would solve dozens of others sitting on file.”

SC contacted Doyen for comment, but did not receive a response in time for publication

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.