Pro-Iranian hackers leak personal data of Saudi Games 2024 participants

Thousands of sensitive personal records from the Saudi Games 2024 registration platform have been leaked by a pro-Iranian hacktivist group, in what cybersecurity experts are calling a politically motivated cyberattack with significant regional implications. The breach was disclosed on June 22, 2025, when the group, known as Cyber Fattah, published stolen SQL dump files obtained via unauthorized access to the platform’s phpMyAdmin systems.

The leaked information includes passport and ID scans, International Bank Account Numbers (IBANs), medical certificates, and login credentials tied to IT personnel and Saudi government officials. The registration system managed data from thousands of athletes and visitors involved in the Saudi Games, making the breach particularly damaging and high-profile.

According to cybersecurity firm Resecurity, this attack forms part of a larger information warfare campaign orchestrated by Iran and its affiliates to promote anti-US, anti-Israel, and anti-Saudi narratives in cyberspace. The timing of the disclosure—just days after U.S. missile strikes on Iranian nuclear facilities and subsequent distributed denial-of-service (DDoS) attacks on Truth Social, a U.S.-based social media platform—suggests a deliberate strategy to escalate digital conflict amid rising geopolitical tensions.

The hacker behind the leak, identified by the pseudonym “ZeroDayX,” released the data via a disposable profile on the dark web. Analysts say such tactics are typical of nation-state-aligned actors aiming to avoid direct attribution while amplifying propaganda through proxy media networks, including channels affiliated with Hezbollah.

Cyber Fattah has publicly framed the attack as retaliation against regional adversaries, leveraging the incident as a tool of psychological and political warfare. The stolen data is believed to originate from a database containing records submitted by more than 6,000 athletes across 53 sports disciplines, underscoring the scale of the breach.

The intrusion highlights the growing vulnerability of major sporting events to cyber threats. Experts note that these events offer a combination of valuable personal and financial data, exposed infrastructure, and opportunities for high-impact messaging, making them attractive targets for state-sponsored and hacktivist groups alike. The 2018 Winter Olympics and other global tournaments have previously faced similar breaches, reinforcing the trend.

With Saudi Arabia set to host the Esports World Cup, the 2026 Gulf Cup, and possibly the 2036 Olympics, the kingdom remains a prominent target for digital aggression. The breach adds urgency to calls for robust cybersecurity frameworks in the region.

Resecurity has recommended that organizers and stakeholders in the sports sector deploy advanced cyber-threat intelligence (CTI) platforms and digital identity protection (IDP) tools. These systems can help detect credential exposures, monitor third-party risks, and rapidly respond to emerging threats, thereby enhancing the resilience of critical digital infrastructure.