UAE Equestrian Federation Breached! DarkForums User Claims ‘Social Engineering’ Hack
Today, at 4:26 AM, a DarkForums user posted a large data leak sample purportedly from the Equestrian and Racing Federation of the United Arab Emirates, totaling 93,530 records. According to the user, they employed social engineering tactics to gain access, saying
tricked an employee to get me inside the system panel it include sensitive personal info.
This appears to be a classic case where an employee held the proverbial door open, allowing the attacker direct access without having to implement any technical exploit or credential stuffing.
This is a perfect example of the formidable prominence of social engineering attacks.
A brief examination of the user’s posts on the forum revealed only two recent threads, just days apart, on a profile created only two weeks ago. Despite being a fresh account, the user's posts have gained a lot of attention.
Below is a list of data that appears to have been dumped from a backend relational SQL database based on naming conventions, likely part of a centralized event management platform:
- Bankdetails.csv
- horseregentries2013-2014.csv
- horseregentries2015-2016.csv
- hotel_bookings.csv
- ownerregentries.csv
- riderregentries.csv
- riderregentries2013-2014.csv
- trainerrenewal.csv
- userprofile.csv
- view_transferdetails.csv
- vw_hotelbookings_list.csv
- vw_ownerprofiles.csv
- vw_portalusers.csv
- vw_riderprofiles.csv
- vw_trainerprofiles.csv
- wc_participants.csv
- wv_teams.csv
While the Federation has yet to comment on the breach, the attacker struck a defiant tone, saying:
can’t wait to be on the news.
In the same thread, the user shared a Telegram link, where they allegedly claim to be selling the full dump.
Examining the user’s July 30th posts regarding the UAE Equestrian and Racing Federation data leak, the user mirrored the same details on DarkForums, along with an additional leak advertised for sale from another UAE-based company, Binghatti Real Estate, which was also mirrored on DarkForums.
Social Engineering Attacks Remain Prominent
Current reports for 2025 show that social engineering remains the most prevalent tactic in cyberattacks, used in up to 98% of cases. Notably, between 60 to 68% of breaches involve the human element, with phishing continuing to be the most common social engineering tactic used by threat actors.
This means that the weakest link in the proverbial chain of cybersecurity remains the human element. I receive phishing emails and text messages quite often. Even the unsolicited automated phone calls. Most of us do, more or less.
If you’ve ever heard the phrase “Trust, but verify”, be sure to throw that out the window, because we are living in a world where trust has become the greatest vulnerability. “Trust nothing, but verify everything” should be your new cybersecurity slogan.