25,000 UAE Police Officers’ PII for Sale on Data Sharing Forum

Several forum members have shown interest to procure the data that is being sold for $500. The data could be used to blackmail law enforcement officials.
Updated on
April 19, 2023
Published on
July 9, 2020
Subscribe to the latest industry news, threats and resources.
CloudSEK has discovered a data leak that contains sensitive information of 25,000 United Arab Emirates (UAE) police officers. The police in the UAE come under the Ministry of Interior. However, each of the 7 emirates has a police force that is responsible for law and order within their borders. And the ministry integrates these police forces and security systems.

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 25,000 UAE police officers.  The post was published on 07 July 2020 at 11:51 AM. The poster is selling ‘UAE Full(25K) police info’ for $500 and has shared 9 samples to support their claims. In response to this post several forum members have shown interest in buying the data.  UAE police data for sale We downloaded the samples from the forum to validate its contents.  

The contents of the leak

The sample images contain 9 police officers’: 
  • First name
  • Last name
    • Mobile number
    • Email address
  • Work phone number
  • Address (in some cases)

Data verification and validation 

Using public sources we were able to verify various fields in the sample data. The sample contains the details of officials in the Dubai and Abu Dhabi Police forces.  UAE conv In response to a buyer’s query, the seller has shared the image of an Abu Dhabi Police (adpolice.gov.ae) database that contains 31,878 files and 6 folders.  UAE files  


Since this data belongs to law enforcement officials, the impact is much greater:
  1. These details could be used to harass and blackmail officials.
  2. Threat actors can use the PII in the data dump to orchestrate phishing campaigns, online and offline scams, and even identity theft.
  3. Since the source of the leak is not known, there is a possibility that threat actors can continue to exploit it. 
  4. Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise the officials’ accounts. 

Next Steps

Recommendations for the affected officials
  1. Enable multi-factor authentication for all online accounts. 
  2. Don’t share OTPs with third-parties. While this is a rule of thumb, it is especially relevant in this case, because threat actors already have email IDs and phone numbers. So, the OTP is the only thing standing between threat actors and the officials’ accounts. 
  3. Review all online accounts and financial statements for suspicious activity.
  4. Caution friends and family against threat actors impersonating them.
Recommendations for the police forces
  1. Inform the affected officials.
  2. Identify the source of the leak and fix the vulnerability at the earliest.
  3. Perform an audit to ascertain the full extent of the leak and check if threat actors have launched any other attacks.

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations