Over 700,000 records of Dubai largest real estate company Emaar Properties and Select Group are claimed to have been sold on the dark web. Threat actor ksa901 has posted information about owners and tenants, car information, government API keys and SMTP credentials. There are no official confirmation yet, but this claim is a serious cybersecurity concern.
What Exactly Happened in the Alleged Data Breach?
On a cybercrime forum, a threat actor with the username ksa901 posted that he had stolen data from the servers of Emaar Properties and Select Group, two prominent Dubai real estate companies. The post stated that the data was breached a week ago and that he was now selling it.
Dark Web Informer which monitors the dark web and shared the claim on X and confirmed that the post was genuine.But not Emaar or Select Group has made an official statement yet so this is still just an alleged breach and not a confirmed one.
What Data Was Exposed? Attacker Claims Explained
According to the attacker’s claim, the leaked dataset contains records of more than 700,000 property owners and tenants. These include names, phone numbers, email addresses, physical home addresses, car information, and parking details.
There are also 7GB of documents. But the most serious part is that the attacker says the database also contains SMTP credentials, i.e. email server access, and API keys, including government API keys. If this is true, then this is not just a personal data leak and it also poses a threat to the UAE digital infrastructure.The Threat actor also share the sample data
Risk of Premium Contacts Data
The attacker specifically mentioned in his post that this data contains information of Sheikhs, High Excellency government officials and rich people living in Burj Khalifa. This is what differentiates this breach from a common data leak.
The names, addresses and contact details of such high profile people open the door for targeted spear phishing, blackmail and social engineering attacks. Criminals can use this data to directly contact any affected person by using their name and property details and that person will naturally trust them as all the information will be absolutely correct.
There was a very revealing line in the attackers post Since no one bought last time now I am offering a cheaper price This suggests that attempts have been made to sell this data before and no one bought it.
This is a common pattern on the dark web when either the data is fake or so old that it is of no use to anyone or the buyer doubts the value of the data. Therefore it is not right to panic just by looking at a forum post independent verification is necessary.
A Repeated Pattern in the UAE
This is not an isolated incident. In 2025 the Emirates NBD Brokerage database was sold on the dark web, 22,000 Dubai Pulse records were leaked, the Dubai Municipality was targeted, and research by CYFIRMA suggests a serious and growing pattern of cyber attacks in the UAE.
The real estate sector is a particularly attractive target because the data of high value individuals is centralized there.
Recommended Actions
If you are an Emaar or Select Group customer whether an owner or a tenant change your Emaar account password immediately. Never trust any suspicious email or phone call, even if it uses your real name, without verifying. Enable two-factor authentication on your email accounts.
And wait for any official communication from Emaar or Select Group. Check your email at HaveBeenPwned.com to see if there was any breach.
