Thousands of personal records from the Saudi Games have been leaked online following a significant cyber-attack. The attack is attributed to Cyber Fattah, a pro-Iranian hacktivist group that published the stolen data on June 22nd. This incident is viewed as the latest in a growing trend of politically motivated cyber-attacks targeting high-profile events.
This specific breach is believed to be part of a much broader information operation that is driven by Iran. It and its affiliates aim to advance anti-US, anti-Israel, and anti-Saudi narratives throughout the digital world. The strategic timing of the leak announcement came shortly after distributed denial-of-service attacks on Truth Social. Analysts now view the leak as a major escalation in a coordinated campaign to undermine all regional stability.
The leaked data includes sensitive information such as passport scans, ID cards, medical certificates, and bank account numbers.
The stolen data reportedly originated from the Saudi Games 2024 online registration platform, which handles sensitive participant details. This platform processed the information submitted by over six thousand athletes who competed across fifty-three different sports. Cyber Fattah has framed this attack as a direct response to its perceived regional adversaries and used allied channels.
The actor used a throwaway dark web profile to release the data, a common tactic to obscure attribution.
Major sporting events have increasingly become prime targets for cyber-attacks because they offer access to valuable data. These global events are platforms for geopolitical messaging and can provide access to high-profile individuals and their sponsors. The breach at the Saudi Games echoes previous attacks on other events, such as the 2018 Winter Olympics. This incident underscores the urgent need for enhanced cyber-resilience in sports, especially for Saudi Arabia’s upcoming events.
Reference:
