Iran-Linked hacktivists leak records of thousands of Saudi Games athletes and visitors
Learn More
The Iran-linked hacktivist group "Cyber Fattah" has leaked thousands of sensitive records containing personal information of athletes and visitors from the Saudi Games, one of the Kingdom's major sporting events. The breach was announced on June 22, 2025, through the group's Telegram channel
The threat actors gained unauthorized access to phpMyAdmin backend systems and exfiltrated stored records from the Saudi Games 2024 official website registration platform. The first non-public claims about the compromise began circulating on the Dark Web at the beginning of May 2025. SQL dump timestamps indicating the data was generated on May 5, 2025.
The stolen data was subsequently published on the cybercrime forum DarkForums by a user identified as "ZeroDayX". This is possibly a burner profile created specifically to distribute the breach. This tactic is common among nation-state actors and their proxies seeking to obscure direct attribution. The compromised data includes;
- IT staff credentials
- Government officials' email addresses
- Athletes' and visitors' personal information
- Scanned copies of passports and ID cards
- Bank statements and International Bank Account Numbers (IBANs)
- Medical examination certificates and forms
- Other sensitive documents related to Saudi citizens and foreign visitors
The number of affected individuals has not been disclosed by Saudi authorities or the event organizers. The leak occurred just days after the group conducted distributed denial-of-service attacks against Truth Social.
The activities of Cyber Fattah align with a broader trend of hacktivism in the Middle East, where groups frequently engage in cyber warfare as a form of activism.
The breach is targeting Saudi Arabia's ambitious sports hosting agenda. The attack appears designed to interfere with these efforts and damage Saudi Arabia's international reputation in advance of these high-profile events.
