INTELLIGENCE
ZERO|TOLERANCE
Intelligence Advisory
zerotolerance.me

Saudi Government Portal Pryx Exploits IDOR to Leak 40GB of Citizen Data

Aug 2024 · Government sector

Publication Date
2024-08-01
Category
Data Breaches
Author
K. Ellabban
Organization
Zero|Tolerance Security Research

Saudi Government Portal: Pryx Exploits IDOR to Leak 40GB of Citizen Data On August 27, 2024, threat actor Pryx published approximately 40 gigabytes of data exfiltrated from saudi.gov.sa, the Saudi government's central services portal. The data included scanned national ID cards, driver's licenses, work CVs and resumes, and private email attachments.

Executive Summary

KEY FACTS

  • WhatThreat actor Pryx exploited IDOR to leak 40GB from saudi.gov.sa.
  • WhoSaudi citizens who uploaded documents to the government portal.
  • Data ExposedNational ID scans, driver's licenses, CVs, and email attachments.
  • OutcomeOccurred 18 days before PDPL enforcement; Pryx unmasked as Hellcat co-founder.
References

SOURCES

Resecurity, BleepingComputer, Dark Reading, Saudi PDPL

Related Analysis

Related Intelligence

Saudi Intelligence Agency: 11GB Classified Data Leak
Mar 1, 2025 · Intelligence sector
Saudi Ministry of Foreign Affairs: 1.4M Employee Records on Dark Web
Jan 2024 · Government sector
SDAIA's First Year: 48 PDPL Enforcement Decisions
2024 · Regulatory analysis
UAE Government Portals Breached by Multiple Threat Actors
2024 · Government sector
NEOM Job Portal: 280,000 Applicants' Data Exposed in Recruitment Breach
Jan 23, 2025 · 280K applicants
MORE DATA BREACHES →