Saudi Pro League

We're seeing an uptick in breaches targeting organizations in the Middle East, particularly those involved in infrastructure and property management. Our team flagged a recent leak from the official platform for **Khidmah**, a facilities management and property solutions provider based in Abu Dhabi. What really struck us wasn't the relatively small number of records, but the combination of PII and precise geographical locations, which could present a heightened risk profile for affected individuals. The data had been circulating quietly on a specialized forum, but we noticed its potential impact given Khidmah's prominent role in the region.

The Khidmah Breach: 3,079 User Records Expose Location Data

The official platform for Khidmah, a facilities management and property solutions provider headquartered in Abu Dhabi, United Arab Emirates, suffered a data breach in May 2025, affecting approximately 3,079 users. The breach came to light when a database dump was posted on a dark web forum known for trading in regional data. The combination of personally identifiable information (PII) with geographical location data immediately raised concerns. This incident highlights the increasing need for robust cybersecurity measures, particularly within critical infrastructure and service sectors where location-sensitive user data is often collected and managed.

The leak was discovered by our team during routine monitoring of underground forums frequented by threat actors known to target Middle Eastern organizations. What caught our attention was the detailed nature of the location data, which included not just city-level information, but precise geographical coordinates. This level of detail, combined with the user's full names and contact information, could be exploited for targeted phishing campaigns, social engineering attacks, or even physical stalking.

This breach matters to enterprises now because it underscores the growing threat landscape facing organizations in the Middle East, particularly those handling sensitive user data. The combination of PII and precise location data creates a significant risk for affected individuals. It also serves as a reminder of the importance of implementing robust data protection measures, including encryption, access controls, and regular security audits.

Key point: Total records exposed: 3,079

Key point: Types of data included: Email Address, Username, First Name, Last Name, Gender, Physical Address, Geographical Location

Key point: Sensitive content types: PII, Location Data

Key point: Source structure: Database

Key point: Leak location(s): Dark Web Forum

Key point: Date of first appearance: 08-May-2025

While we haven't been able to independently verify the exact forum where the data was initially posted, similar breaches of Middle Eastern organizations have been observed on platforms like RaidForums (prior to its takedown) and various Telegram channels dedicated to data leaks. These channels often serve as marketplaces for stolen data, where threat actors can buy and sell compromised information. The fact that the data was circulating on such a forum suggests that it may have been obtained through a targeted attack or a vulnerability in Khidmah's systems.

Email · Address · Username · First · Name · Last · Gender