Thousands of personal records linked to athletes and visitors of the Saudi Games have been leaked online following a cyber-attack attributed to the pro-Iranian hacktivist group Cyber Fattah.
The breach was disclosed on June 22 2025, when the group published SQL dump files stolen via unauthorized access to phpMyAdmin systems.
This is the latest in a growing trend of politically motivated cyber-attacks targeting high-profile regional events.
The leaked data includes scans of passports and ID cards, medical certificates, International Bank Account Numbers (IBANs) and credentials belonging to IT staff and government officials.
According to Resecurity, the breach is part of a broader information operation driven by Iran and its affiliates to advance anti-US, anti-Israel and anti-Saudi narratives in cyberspace.
What sets this incident apart is its strategic timing and geopolitical undercurrents. The leak announcement came shortly after distributed denial-of-service (DDoS) attacks on Truth Social, following US airstrikes on Iranian nuclear facilities.
Analysts view the leak as an escalation in a coordinated campaign that uses cyber tactics to undermine regional stability.
The stolen data reportedly originated from the Saudi Games 2024 registration platform, which handles sensitive details submitted by over 6000 athletes across 53 sports.
Cyber Fattah framed the attack as a response to perceived regional adversaries and amplified it through allied channels, including Hezbollah-linked and pro-Iranian propaganda networks.
The actor behind the leak, identified by the handle “ZeroDayX,” used a throwaway profile to release the data on the dark web. This tactic, according to Resecurity, is common among nation-state actors or their proxies seeking to obscure direct attribution.
Targeting Sports for Strategic Gain
Major sporting events have increasingly become prime targets for cyber-attacks because they offer:
-
Access to vast personal and financial data
-
Opportunities for ransomware deployment
-
Platforms for geopolitical messaging
-
Vulnerabilities in connected infrastructure
-
Potential access to high-profile individuals and sponsors
The breach at the Saudi Games echoes previous attacks on global events, such as the 2018 Winter Olympics, and underscores the need for enhanced cyber-resilience in sports.
Saudi Arabia’s Cybersecurity Challenge
While no date has been set for the 2025 Saudi Games, the Kingdom is preparing to host the Esports World Cup, the 2026 Gulf Cup and potentially the 2036 Olympics. These events make the region an attractive target for cyber actors seeking to disrupt or damage Saudi Arabia’s international standing.
Resecurity has urged stakeholders to adopt digital identity protection (IDP) tools and cyber-threat intelligence (CTI) platforms to monitor, detect and respond to leaked credentials and sensitive data.
These solutions are designed to identify breaches early, mitigate third-party risks and fortify digital infrastructure against emerging threats.
