The Twitter account of Leave.EU co-founder Arron Banks has been suspended following a hack that exposed the personal messages of the Brexit financier.
A spokesperson for Leave.EU told Verdict that Banks would be pursuing legal action against Twitter.
Banks’ account appeared to have been breached at around 3pm yesterday (18 November) after an unidentified hacker posted an encryption hash for a data dump.
Nine hours later the hacker used Banks’ compromised account to post that a “file of my full twitter private data dump” was coming soon.
Banks’ account then made two posts containing what it claimed to be a link to the data dump and a password.
Screenshots shared on social media
Screenshots claiming to show some of Banks’ Twitter messages have been circulating on social media. Verdict did not access the data dump to verify these messages. However, Leave.EU communications director Andy Wigmore confirmed to Verdict that at least some of the messages were accurate.
“It’s accurate stuff…I haven’t read all of them, but you just never know,” he said. “But the ones we’ve seen so far I mean, yeah, we can remember those, but I haven’t seen all of them. I mean God knows what’s in there.”
Asked whether a message from Dominic Raab thanking Banks for getting the Brexit Party to stand down in certain seats was legitimate, Wigmore said it was “quite possible”, adding that it was “quite normal” to communicate with MPs and journalists via Twitter.
A screenshot also purported to show a conversation in which Mail on Sunday journalist Dan Hodges said to Banks “I just spent £1000 of your money on tea with Priti Patel”.
Wigmore explained that this was from a charity auction arranged by the Daily Telegraph’s chief political correspondent Christopher Hopes.
“Arron asked, because we couldn’t go, so we asked people to bid on our behalf,” Wigmore said. Hodges confirmed this separately on Twitter.
Wigmore also explained that a message with Guido Fawkes referencing £10,000 in a safe was “a bet on the referendum”.
“Arron bet Paul Staines [who publishes Guido Fawkes] that we win the referendum. Paul Staines said no, we wouldn’t. And Arron won and it was in cash, that was the bet,” said Wigmore.
Staines has since contacted Verdict to clarify that the bet was on the 2016 presidential election, not the Brexit referendum.
Arron Banks hacked: Did he use 2FA?
In a statement posted on the official Leave.EU Twitter account, Banks confirmed the hack:
“I became aware last night that my Twittter account has been hacked and that persons involved have posted personal data obtained illegally via Twitter. The matter has been reported to the police.
“Twitter were notified 12 hours ago, and despite repeated requests they have taken no action to deactivate the account or remove the illegal data downloads.
“Despite the obvious lack of security at Twitter relating to personal data, they have deliberately chosen to leave personal data in the public domain.”
In a statement, a Twitter spokesperson told Verdict “We have taken steps to secure the compromised account. We will continue to take firm enforcement action in line with our policy which strictly prohibits the distribution on our service of materials obtained through hacking.”
“I literally sent a courier around [Twitter’s] offices with a note”
Wigmore told Verdict that Twitter’s slow response was “shocking” and said that Banks had been using two-factor authentication. He said that Banks’ insurance companies were not affected by the hack. He added that they were currently checking Banks’ personal computers to establish if any other personal data was compromised, although at this stage it did not appear to be the case.
“There’s nothing in there which we’re concerned about. What we’re concerned about is the fact that it can be done, which really shocked us,” said Wigmore.
“And the fact that even when something like that happens, they [Twitter] will not respond. We tried everything. I mean, I literally sent a courier around their offices with a note, that’s how bad it was.”
Wigmore added that Banks’ lawyers would be taking action against Twitter and warned that anyone who had downloaded data from that file would “get a letter”.
Under the Computer Misuse Act 1990 it is against the law to access or modify data stored on a computer system without permission.
Leave.EU and Banks’ Eldon Insurance firm were previously fined a combined £120,000 by the UK’s data regulator for breaching data protection laws during the Brexit referendum.
This article has been updated to include Twitter’s response and a clarification from Paul Staines.