Purportedly stolen Saudi Games data leaked by Iranian hacktivists

Infosecurity Magazine reports that pro-Iranian hacktivist operation Cyber Fattah has exposed thousands of records stolen from the Saudi Games 2024 registration platform, which managed information from athletes and visitors of the games, as part of Iran's sweeping information operations against regional adversaries.

Infiltration of the registration platform's phpMyAdmin systems allowed the exfiltration of passport and ID scans, International Bank Account Numbers, medical certificates, and IT staff and government official credentials, according to an analysis from Resecurity. Cyber Fattah's disclosure comes just days after U.S. social media platform Truth Social was disrupted by a pro-Iranian distributed denial-of-service intrusion following the U.S.'s missile strikes on Iran's nuclear facilities. With major sporting events becoming increasingly attractive targets for cyber intrusions due to connected infrastructure vulnerabilities, potential high-profile targeting, and geopolitical messaging, organizations in the sector have been urged by Resecurity to implement cyber threat intelligence platforms and identity protection tools that facilitate credential and data breach monitoring, discovery, and response, as well as third-party risk mitigation.