We've been tracking a noticeable uptick in breaches targeting sports and entertainment platforms over the past quarter. What caught our attention with the Saudi Pro League (SPL) breach wasn't the scale – just under a thousand records – but the simplicity and age of the hashing algorithm used. The data had been circulating quietly on a relatively obscure forum, but the potential for credential stuffing attacks against fans and personnel alike prompted a closer look.

Saudi Pro League Breach: Under 1,000 Records, MD5 Passwords

The official website of the Saudi Pro League, a football league in Saudi Arabia, suffered a data breach in March 2025. This incident exposed 940 user records, including email addresses, full names (first and last), usernames, and password hashes. The passwords were unfortunately hashed using the outdated MD5 algorithm, making them relatively easy to crack with modern tools. The breach came to light after the data was posted on a smaller, less frequented forum known for trading gaming and sports-related credentials.

What made this breach noteworthy was the use of MD5 for password hashing. In today's cybersecurity landscape, this is considered a significant lapse in security practices. The relative ease with which MD5 hashes can be reversed poses a direct threat to the affected users, especially if they reuse the same passwords across multiple platforms. Enterprises should be aware that even smaller breaches can have significant ripple effects if basic security measures are neglected.

Key point: Total records exposed: 940

Key point: Types of data included: Email addresses, usernames, first names, last names, passwords (MD5 hashed)

Key point: Sensitive content types: PII

Key point: Source structure: Database export

Key point: Leak location: Obscure forum (specific URL unavailable)

Key point: Date of first appearance: March 26, 2025

While we don't have definitive attribution for this breach, the simplicity of the attack vector suggests a relatively unsophisticated attacker. However, the impact could be amplified if the compromised credentials are used in credential stuffing attacks against other services used by SPL fans or personnel. This highlights the importance of password hygiene and the need for organizations to enforce strong password policies and multi-factor authentication.

The incident underscores a recurring theme: even organizations with significant resources can fall victim to basic security oversights. The use of MD5 hashing in 2025 is a clear indication of outdated security practices. This breach serves as a reminder that continuous security assessments and updates are crucial to protect sensitive user data.

Email · Address · Password · Hash · Username · First · Name · Last

We're seeing an uptick in breaches targeting organizations in the Middle East, particularly those involved in infrastructure and property management. Our team flagged a recent leak from the official platform for **Khidmah**, a facilities management and property solutions provider based in Abu Dhabi. What really struck us wasn't the relatively small number of records, but the combination of PII and precise geographical locations, which could present a heightened risk profile for affected individuals. The data had been circulating quietly on a specialized forum, but we noticed its potential impact given Khidmah's prominent role in the region.

The Khidmah Breach: 3,079 User Records Expose Location Data

The official platform for Khidmah, a facilities management and property solutions provider headquartered in Abu Dhabi, United Arab Emirates, suffered a data breach in May 2025, affecting approximately 3,079 users. The breach came to light when a database dump was posted on a dark web forum known for trading in regional data. The combination of personally identifiable information (PII) with geographical location data immediately raised concerns. This incident highlights the increasing need for robust cybersecurity measures, particularly within critical infrastructure and service sectors where location-sensitive user data is often collected and managed.

The leak was discovered by our team during routine monitoring of underground forums frequented by threat actors known to target Middle Eastern organizations. What caught our attention was the detailed nature of the location data, which included not just city-level information, but precise geographical coordinates. This level of detail, combined with the user's full names and contact information, could be exploited for targeted phishing campaigns, social engineering attacks, or even physical stalking.

This breach matters to enterprises now because it underscores the growing threat landscape facing organizations in the Middle East, particularly those handling sensitive user data. The combination of PII and precise location data creates a significant risk for affected individuals. It also serves as a reminder of the importance of implementing robust data protection measures, including encryption, access controls, and regular security audits.

Key point: Total records exposed: 3,079

Key point: Types of data included: Email Address, Username, First Name, Last Name, Gender, Physical Address, Geographical Location

Key point: Sensitive content types: PII, Location Data

Key point: Source structure: Database

Key point: Leak location(s): Dark Web Forum

Key point: Date of first appearance: 08-May-2025

While we haven't been able to independently verify the exact forum where the data was initially posted, similar breaches of Middle Eastern organizations have been observed on platforms like RaidForums (prior to its takedown) and various Telegram channels dedicated to data leaks. These channels often serve as marketplaces for stolen data, where threat actors can buy and sell compromised information. The fact that the data was circulating on such a forum suggests that it may have been obtained through a targeted attack or a vulnerability in Khidmah's systems.

Email · Address · Username · First · Name · Last · Gender