Iran-Linked Threat Actors Leak Visitors and Athletes' Data from Saudi Games

Today (June 22, 2025) — the threat actors associated with the “Cyber Fattah” movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom. The stolen data has been leaked in the form of SQL dumps - the actors gained unauthorized access to phpMyAdmin (backend) and exfiltrated stored records. Resecurity views this incident as part of a broader information operation (IO) carried out by Iran and its proxies for various objectives.

Based on our assessment, this is an example of Iran using data breaches as part of a larger anti-US, anti-Israel, and anti-Saudi propaganda activity in cyberspace, targeting major sports and social events. Due to the significant scale of the data breach and the precedent set by Iranian proxies attacking major sporting events, Resecurity is sharing the collected intelligence to raise awareness within the cybersecurity community and to equip stakeholders with actionable insights and risk mitigation strategies.

The leak was announced at 6:27 PM PST on Cyber Fattah’s official Telegram channel, following the DDoS attacks on Truth Social, a popular social media network, after the U.S. conducted airstrikes on Iran’s nuclear sites.

To read the complete article see:

Read more here
🚨 Note: The information in this article is intended for awareness and education purposes in the cybersecurity community.