Great Britain

Man City boss Pep Guardiola ‘hacked by rogue IT worker’ who tried to sell private emails for £100,000

PEP Guardiola is at the centre of a cop probe after an alleged hacker tried to sell his private emails for £100,000.

A rogue IT worker claimed they got players’ personal details and records of confidential transfer talks from the Manchester City boss’s club email account.

And he boasted he had obtained every player’s phone number and email address — details which could be used to illegally target other stars.

The expert — who attempted to sell the information for £100,000 — said hacking Guardiola was the “easiest thing” he had done.

He took screenshots of the Spaniard’s email exchanges while working at the club’s Etihad base in 2017.

The rogue worker told undercover investigators he had managed to access “every email” sent to and from the 49-year-old former Barcelona boss.

Passing over his current mobile phone, the man said: “Hypothetically, I could have accessed it on that phone and taken screenshots because I was an IT contractor there.”

He added: “This is the easiest thing I’ve ever had to do.”

The man claimed to have been a contractor for the Blues for around two years from 2016, until City ended its relationship with the IT firm.

Over two days in July 2017 he accessed Pep’s account from his mobile, downloading personal emails, confidential transfer exchanges and the manager’s entire contacts book.

He showed the investigators several screenshots that had been sent to his encrypted ProtonMail email account — which he claimed police would not be able to access.

Pushed on where the other material was stored, he simply said it was “safe”.


He added: “I don’t keep them on any of my personal stuff. I can get them if you want to have a look at them.”

He continued: “I’m not going to keep it on my phone, am I, because if my phone gets busted I’m f****d.”

Reeling off information about “possible transfers to City”, he said he had seen chats relating to ex-Ajax centre back Matthijs de Ligt and former Borussia Dortmund defender Sokratis Papastathopoulos.

De Ligt, 20, moved to Juventus last summer and Papastathopoulos, 31, signed for Arsenal in 2018.

He also said he had “contact details for each player” — referencing former City goalkeeper Joe Hart and ex-captain Vincent Kompany.

The hacker said he had got “personal email addresses, phone numbers, etc.”

He smirked as he added: “They’re all stored on his (Pep’s) email account — but he doesn’t know, he doesn’t realise.”

“It’s Joe Hart’s personal email, Vincent Kompany’s personal email, there were others but I can’t remember.

“You can access the emails from anywhere, if you wanted to. Once you’ve got the password, you’re in.”

He then got up and darted out of the luxury hotel where he had met the investigators.


The man was attempting to pocket £100,000 — which he demanded to be paid in crypto-currency Bitcoin.

Following the meeting, The Sun contacted Manchester City chiefs and provided them with a dossier of evidence.

City then contacted Greater Manchester Police and officers spent several days tracking the suspect before arresting him on Monday.

Officers were understood to have conducted a search of his home and were also examining his computers, mobile phones and email accounts.

A police spokeswoman said: “A 30-year-old man has been arrested on suspicion of offences under the Computer Misuse Act 1990.

“The man has been released under investigation. The investigation is ongoing.”

Reigning Premier League champions City are owned by the billionaire Sheik Mansour bin Zayed Al Nahyan, left, one of football’s wealthiest owners.

Last night they were in Champions League action in Spain against Real Madrid.

A club insider told The Sun: “City — like most other large businesses — has massively increased its cyber security standards in recent times.

“However, it is incredibly difficult to protect against the decision of an employee or ­contractor to breach the fundamental trust placed in them and their role.

“It is shocking that in this day and age, someone thinks that they can do something like this and get away with it.”

A club spokeswoman said yesterday: “While we had terminated the services of this consultant and the company he was contracted to two years ago, we were unaware of the serious crimes he is alleged to have committed whilst working with us and the subsequent alleged attempts to profit from those crimes.

“It is a matter of public record that we have been the target of several criminal attacks through our IT systems in recent years.

“Thanks to The Sun in bringing this serious incident to our attention, and Greater Manchester Police for their swift action, at least one alleged perpetrator faces being held accountable for his actions.”

Bad run of tech trouble

THE alleged email theft is the latest in a string of IT-­related problems to hit City.

Earlier this month the club was handed a two-year ban from the Champions League after German newspaper Der Spiegel publishing leaked private emails.

The material showed “serious breaches” of Uefa’s club licencing and financial fair play regulations.

City is contesting the ban on the grounds the material was obtained illegally and claims it has done nothing wrong.

Last September it was reported that City were paid £1million in compensation by Liverpool over alle­gations that the Blues’ scouting network had been hacked into.

City was said to have employed computer-espionage experts to see if their system had been spied on.

The confidential settlement, in September 2013, came a year after three former City scouts moved to the Reds.

Two were accused of accessing City’s database on the Scout7 system, which is used by scores of Premier League clubs.