A massive leak of sensitive data — allegedly tied to athletes and attendees of the Saudi Games — was recently dumped online by a group calling itself Cyber Fattah, which claims to support Iranian cyber causes.
On June 22, 2025, the group announced the breach on Telegram, dropping raw SQL data dumps and claiming they had hacked into backend systems through phpMyAdmin. The cybersecurity firm Resecurity, which has been monitoring the group’s activities, confirmed the incident and referred to it as part of a coordinated disinformation and cyber campaign — likely linked to Iran and its affiliated online proxies.
“They broke into backend systems and pulled records that should never have been exposed. It wasn’t just a smash-and-grab — this was calculated,” Resecurity said in a statement.
The breach reportedly originated from the Saudi Games 2024 website — the official platform used by athletes, staff, and international visitors to register. Once the data was extracted, it was shared by a burner account named “ZeroDayX” on a dark web forum that’s grown in popularity after the repeated takedowns of similar sites like BreachForums.
The leak includes:
• IT admin credentials
• Government-issued emails
• Personal details of athletes and spectators
• Passport scans and national IDs
• Bank documents and IBANs
• Medical forms and health certificates
One troubling aspect? High-quality scans of personal IDs and passports were stored insecurely, making them an easy target for identity theft and fraud.
Sports events have become symbolic targets. And this breach comes at a time when tensions in the Middle East — especially between Iran and Israel — are boiling over.
Hacktivist groups are using major global sporting events as platforms for political messaging, disruption, and sometimes even espionage. Cyber Fattah, which has previously hit Israeli and U.S.-linked digital assets, appears to be expanding its scope to include Saudi targets as well.
This isn’t random. Saudi Arabia has made sports a key pillar of its Vision 2030 strategy — using it to build soft power, attract tourism, and promote a new national identity. Undermining these efforts through high-profile data leaks sends a message.
Cyber Fattah identifies as part of a wider network of pro-Iranian cyber groups, including:
• 313 Team
• Cyber Islamic Resistance
• LulzSec Black
They often act in coordination, sharing tactics and amplifying each other’s propaganda. The group also aligns itself with the so-called “Holy League”, a coalition targeting Israeli and Western interests. In the past, members have even collaborated with Russian-speaking groups, suggesting that some of these operations cross national and linguistic lines.
Interestingly, the actor “ZeroDayX” — the one who shared the Saudi Games data — has been linked to previous defacements showing images of Hezbollah leaders and anti-Israeli slogans. Some believe “ZeroDayX” is a front or alias used repeatedly to mask attribution.
Here’s why sporting events like the Saudi Games are becoming prime targets:
1. Tons of Data: Personal records, medical details, payment info — it’s all there.
2. Massive Attention: A global audience means any breach gets instant visibility.
3. Political Value: These events often reflect national pride and stability — making them tempting for adversaries.
4. Insecure Tech: Interconnected systems (IoT, biometrics, streaming platforms) present many entry points.
With Saudi Arabia set to host the Esports World Cup (2025), Gulf Cup (2026), and even aiming for the 2036 Olympics, the stakes are only rising.
Resecurity recommends stepping up digital identity protection for both individuals and organizations involved in these events. They’ve rolled out a specialized IDP (Identity Protection Platform) that monitors surface and dark web spaces for exposed credentials or personal info. Their CTI (Cyber Threat Intelligence) suite also helps governments and companies react quickly to leaks before they spiral.
One Resecurity analyst put it plainly:
“It’s no longer about just preventing breaches. It’s about watching the ecosystem and jumping on threats before they become headlines.”
This breach isn’t just a one-off attack. It’s part of a growing trend where cyber warfare, propaganda, and political rivalry all converge in the digital space — with sports, sadly, becoming the latest front line.
