Cyberattack Exposes Personal Data from Saudi Games, Linked to Iran-Backed Group
Thousands of personal records belonging to athletes and visitors of past Saudi Games events have been leaked by a group known as "Cyber Fattah," according to U.S.-based cybersecurity firm Resecurity.
Resecurity identified the group as part of a broader movement responsible for leaking data related to one of Saudi Arabia’s largest sporting events. The information was published in the form of SQL database dumps after the threat actors reportedly gained unauthorized access to phpMyAdmin and extracted stored records.
Experts at Resecurity believe the breach is part of a wider information operation supported by Iran and its allies, aimed at undermining regional stability and spreading fear. The incident aligns with an increasing number of cyber activities promoting anti-U.S., anti-Israel, and anti-Saudi narratives, especially around major cultural and sporting events.
This breach is particularly concerning in the context of growing tensions between Iran and Israel. Threat actors appear to be exploiting the high-profile role of Saudi Arabia and the United States in regional diplomacy and security. Groups linked to Hezbollah, Hamas, and other pro-Iranian organizations in Iraq have further amplified the event through online propaganda efforts.
The compromised data appears to come from a database linked to the Saudi Games 2024 official registration platform. This system collected personal information from athletes, visitors, and their teams for identity verification and account activation. The attackers claimed that the Saudi Games were among the largest and most widely followed events in the region, initiated by the Saudi government to promote sports nationwide. Resecurity suggests that the selection of this target was strategic, likely part of an effort by Iran to spread instability through cyber channels.
The leaked records include sensitive personal details, such as personally identifiable information (PII), International Bank Account Numbers (IBANs), and medical examination certificates submitted by participants.
The cyberattack raises serious concerns, not only for cybersecurity but also for sports integrity and public trust. While the date for Saudi Games 2025 has not been announced, the Kingdom continues to host numerous international sporting events, including the Islamic Solidarity Games, the 2025 Esports World Cup, and the 2026 Gulf Cup.
Hosting the 2036 Olympic Games is among Saudi Arabia’s long-term national goals. Analysts believe this cyberattack may have been an attempt to damage the country's international image and hinder its efforts in global sports development by targeting one of its flagship sporting events.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
