Security
The Largest Data Breaches In The Middle East
According to an IBM report, the cost of cybersecurity incidents in the Middle East reached a new high of $6.93 million per data breach in 2021.

The Middle East aspires to become the global digital hub, and countries like the United Arab Emirates, Saudi Arabia, and Qatar are already leading various global rankings of ICT Indicators, including mobile broadband speeds and social media use frequency. However, the growing digitalization of the MENA region has made it an attractive target for cybercriminal activity.
According to an IBM report, which studied 500 breached organizations from across the world, the cost of cybersecurity incidents in the Middle East reached a new high of $6.93 million per data breach in 2021, significantly exceeding the global average cost of $4.24 million per incident.
To help you see behind cybersecurity statistics and understand the reality of data breaches in the Middle East, we’ve put together this list of some of the largest data breaches that have occurred in the region. These breaches have affected various industries and have together resulted in the compromise of millions of sensitive personal and business records.
2021 – Moorfields Eye Hospital Dubai Attacked By A Ransomware Group
What Happened: The ransomware group AvosLocker attacked Moorfields Eye Hospital Dubai in 2021 and successfully downloaded over 60 GB of data that was stored on its servers, including copies of ID cards, accounting documents, call logs, and internal memos. The attackers then encrypted the original information and demanded a ransom, threatening the hospital to leak it if not paid.
How It Happened: After conducting a detailed investigation of the incident, Moorfields Eye Hospital Dubai determined that the ransomware that encrypted its data was either sent in an email or distributed via a malicious ad.
Implications: As unfortunate as it is, ransomware attacks on hospitals and other healthcare providers are fairly common. Luckily, this particular attack didn’t paralyze any critical systems whose unavailability would endanger patient’s lives. Still, attacks like this one are a significant concern for healthcare organizations, and keeping them at bay must be a top priority.
2020 – UAE Police Data Listed For Sale On A Web Database Marketplace
What Happened: When researching the darkest corners of the internet in 2020, security firm CloudSek discovered that a data set containing the personal information of 25,000 UAE police officers was up for sale on a darknet market for $500, with multiple samples made available for free to attract buyers.
How It Happened: To this day, it’s not known how the data breach happened. It’s possible that someone with legitimate access to the data was contacted by cybercriminals with an offer they failed to resist. Of course, a cybersecurity vulnerability or phishing are another potential causes.
Implications: Any sale of personal information of police officers and other public servants has serious implications for national security, and it can also undermine public trust in law enforcement agencies and their ability to protect personal data against cybercriminals.
2019 – Dubai-Based Exhibition Firm Hacked And Its Clients Targeted
What Happened: In 2019, the email server of Cheers Exhibition, a Dubai-based exhibition firm, was hacked. The attacker then used their privileged access to target Cheers Exhibition’s customers, scamming one of them out of $53,000.
How It Happened: We don’t know which exploit or vulnerability the attacker used to infiltrate the email server, but we know that the attacker created highly convincing spoofed emails with wire transfer instructions and fake invoices. The biggest sign of fraud was the use of the “md@cheersexhlbitions.com” email address instead of “md@cheersexhibitions.com.”
Implications: Phishing attacks like the one that targeted Cheers Exhibition clients are among the most widespread cyber threats in the world, and they continue to be surprisingly effective because people still don’t pay enough attention to signs of phishing. Additionally, phishing scams are becoming more and more sophisticated, increasingly often taking the form of highly targeted spear-phishing scams.
2018 – Personal Data Of Lebanese Citizens Living Abroad Leaked
What Happened: During the months leading up to Lebanon’s general elections in May 2018, the personal data of Lebanese citizens living abroad was leaked by Lebanese embassies. The leaked information included the full name of each voter, their dates of birth, addresses, religion, marital status, and more.
How It Happened: This unfortunate data breach happened because embassy officials sent an email message to Lebanese citizens living abroad with a spreadsheet containing the personal information of more than 5,000 people. As if that wasn’t bad enough, the email addresses of those who received the spreadsheet were entered in the Cc field instead of the Bcc field, making them clearly visible.
Implications: It’s estimated that approximately 19 percent of data breaches are caused by human error, and this data breach serves as a great example of how far-reaching consequences can the neglect of fundamental cybersecurity best practices have.
2018 – Ride-Hailing Service Careem Breached And 15 Million Users Exposed
What Happened: Careem is a Dubai-based ride-hailing service that currently operates in around 100 cities across 12 countries. In 2018, the service revealed that the account information of 14 million of its drivers and riders had been exposed.
How It Happened: White-hat hackers and bounty hunters had been finding serious security weaknesses in the Careem app since at least 2016. Apparently, the ride-hailing service kept ignoring them until its drivers and riders paid the price. It then kept quiet about the breach for three months before it finally issued a public announcement.
Implications: The exposure of the personal information of 14 million Careem users, including names, email addresses, phone numbers, and trip data, raises concerns about the security practices of the apps we rely on every day, and it also highlights the importance of prompt and transparent communication in the event of a data breach.
2016 – Database With The Personal Data Of 50 Million Turkish Citizens Posted Online
What Happened: An anonymous hacker posted a government database containing the personal data of 50 million Turkish citizens on a torrent site, allowing anyone to download the roughly 1.4 GB compressed file. Included with the database was a message taunting the Turkish government and its approach to cybersecurity.
How It Happened: The anonymous hacker who uploaded the database revealed that poor data protections — namely a hardcoded password — were the main reason why they were able to obtain it in the first place. Hardcoded passwords are sometimes used as a means of authentication by applications and databases, but their use is generally considered to be a bad practice because they can lead to data breaches.
Implications: Governments store more information about their citizens than ever before, so it’s their responsibility to adequately protect it. Any failure to do so could potentially have far-reaching consequences for those in power as well as those who elected them.
2016 – Qatar National Bank (QNB) Breach Exposed Troves Of Customer Data
What Happened: In April 2016, the whistleblower site Cryptome became home to a large collection of documents from Qatar National Bank. The leak comprised more than 15,000 files, including internal corporate documents and sensitive financial data of the bank’s thousands of customers, such as passwords, PINs, and payment card data.
How It Happened: The cause of the Qatar National Bank breach remains unknown. It’s certain, however, that the attacker must have had obtained privileged access to the bank’s internal network otherwise they wouldn’t be able to steal nearly 1 million payment card numbers together with expiration dates, credit limits, cardholder details, and other account information.
Implications: The breach highlighted the need for stronger cybersecurity measures in the financial sector and underscored the importance of maintaining robust security practices to prevent unauthorized access to sensitive financial data. Fortunately, the bank enforced multi-factor authentication, preventing attackers from using the stolen customer data to make unauthorized transactions.
2012 – Saudi Arabian Oil Company (Aramco) Compromised By Iran
What Happened: In retaliation against the Al-Saud regime, Iran-backed hacking group called the “Cutting Sword of Justice” wiped data from approximately 35,000 computers belonging to Aramco, a Saudi Arabian public petroleum and natural gas company based in Dhahran.
How It Happened: The hacking group used malware called Shamoon, which is designed to spread to as many computers on the same network as possible and, ultimately, make them unusable by overwriting the master boot record.
Implications: The attack on Aramco in 2012 demonstrated the potential of nation-states and state-sponsored groups to use cyber warfare to target critical infrastructure and disrupt a nation’s economy. Since then, multiple other attacks on critical infrastructure have occurred, perhaps the most notable of which is the Colonial Pipeline ransomware attack of 2021.
Security
10 Best VPN Services For The Middle East In 2023 (Free & Paid)
The VPN services recommended in this article can solve many of the issues experienced by those who are living or visiting the Middle East, including internet censorship, geo-restrictions, and online privacy concerns.

Internet censorship in the United Arab Emirates, Saudi Arabia, Bahrain, Egypt, Iran, Syria, Turkey, and other Middle Eastern countries is so widespread that there’s an entire Wikipedia page dedicated to it.
Fortunately for those who are living or visiting the Middle East, there are many VPN services that make it possible to enjoy unrestricted access to the internet even in countries where certain online content is blocked.
To help you select the best VPN service for the Middle East in 2023 and beyond, we’ve tested many popular VPN services and narrowed them down to the top 10 best options.
What Is A VPN And How Does It Work?
The acronym VPN stands for “virtual private network,” a special private network that extends across the public internet, creating an encrypted tunnel for your data to go through. Nobody outside this tunnel, including your internet service provider (ISP) and government monitoring agencies, can’t see what you’re doing online.
The easiest way to establish a VPN connection is to use an online VPN service, such as those recommended in this article. VPN services have servers in many countries around the world (the Middle East region is no exception), and they provide client applications that enable users to connect to them with a simple click.
Why Use A VPN In The Middle East?
We’ve already touched upon what’s arguably the main reason to use a VPN service in the Middle East: internet censorship.
Indeed, some online content is not accessible in many Middle Eastern countries. Examples of commonly blocked content include gambling websites, pornographic sites, news sites, social media platforms, or anti-Islam, anti-government, and anti-censorship sites.
Besides internet censorship, people living in the Middle East also frequently use VPN services to do things like:
- Enhance Their Privacy: A reliable VPN makes it impossible for third parties to monitor your online activity and see which websites you’ve visited and which files you’ve downloaded. This is true even when you’re connected using a public Wi-Fi network that’s not encrypted.
- Access Geo-Restricted Content: Many streaming services and even news websites geo-restrict some or all of their content to make it available only to users who are located in certain countries. With a VPN, you can circumvent such restrictions by making it seem as if you’re located in a different country.
- Work Remotely: Remote work is becoming increasingly prevalent, but so are the threats all remote workers face, such as man-in-the-middle attacks. A VPN is a must-have cybersecurity solution for all remote workers who don’t always enjoy the peace of mind provided by a trusted enterprise network.
- Play Online Games: Would you like to play an online game that’s not available to players who are located in the Middle East? That’s not a problem if you have one of the best VPN services for gaming.
- Hide Their Real Location: Your real IP address can be easily used to reveal your location. If that’s something you’re not comfortable with, then you should use a VPN service to hide it.
As you can see, the reasons to use a VPN service in Bahrain, Cyprus, Egypt, Iraq, Israel, Jordan, Kuwait, Lebanon, Oman, Palestine, Qatar, Saudi Arabia, Syria, Turkey, Yemen, and the United Arab Emirates are numerous, but determining which VPN service is the best can be a challenge.
How To Choose The Best VPN For The Middle East?
Selecting the best VPN for use in the Middle East is somewhat complicated by the fact that some countries, like Iran, regulate VPN usage and don’t allow all VPN services—only government-approved ones. That’s why this article doesn’t recommend just one VPN service but ten.
Once you have found a couple of VPN services that work in your country, you should consider the following criteria to determine which of them can meet your needs the best:
- Servers: Ideally, you want to choose a VPN service that has servers all over the globe because then you can circumvent any geo-restrictions. Since many online services in the Middle East work only with a local IP address, your VPN service should have at least one server in the country where you live.
- Performance: You don’t want your VPN service to make it impossible for you to enjoy any slightly more bandwidth-intensive content because of its poor performance. The good news is that all leading providers make performance one of their top priorities.
- Security: The best VPN services don’t log any user data, implement state-of-the-art encryption, and use automatic kill switch functionally with DNS leak protection to ensure that no private data gets leaked.
- Location: The location of a VPN service provider matters a lot because it determines its legal obligations. What’s more, the so-called Fourteen Eyes countries (the US, the UK, Canada, New Zealand, Australia, Denmark, France, the Netherlands, Norway, Germany, Belgium, Italy, Sweden, and Spain) have intelligence-sharing agreements that may be used to obtain information about VPN users.
- Price: It goes without saying that the price of a VPN service is one of the most important selection criteria. We recommend you set a clear budget a stick to it. It’s also a good idea to look for special discounts, especially around major shopping holidays.
With these criteria in mind, we’ve researched the best VPN Middle East services to help you make the right choice. Let’s take a look at them!
Best VPN Services For The Middle East
Each of the top 10 best VPN services described below can be recommended to Middle Easterners who want to circumvent government censorship, enhance their privacy, access geo-restricted content, work remotely, play online games, or hide their real location.
Note: The prices below are those in effect at the time of writing this article, and they may include temporary discounts.
NordVPN

💵 Pricing: $5.29 a month (with a two-year commitment)
↩️ Money-Back Guarantee: 30 days
NordVPN is one of the most popular VPN services in the world, and not just because of how heavily it is advertised on sites like YouTube. The service actually does deliver on its promise of state-of-the-art security and privacy that don’t require you to sacrifice your download and upload speed.
The users of NordVPN can choose from more than 5,000 fast servers in dozens of countries around the world, including the United Arab Emirates. Unfortunately, access to such a large network of VPN servers doesn’t come cheap, but at least you get a lot of free extras, including malware protection, a password manager, and 1 TB of encrypted cloud storage, among other things.
Pros: | Cons: |
– Fantastic performance | – More expensive than alternatives |
– Intuitive apps for all major platforms | |
– A huge number of servers | |
– Great customer service | |
– Diskless server infrastructure | |
– 1 TB of free encrypted cloud storage |
ExpressVPN

💵 Pricing: $8.32 a month (with a one-year commitment)
↩️ Money-Back Guarantee: 30 days
ExpressVPN is the most expensive VPN service recommended in this article (unless you’ll get lucky and stumble upon a nice discount), so it must be really good, right? Correct! ExpressVPN has servers in Egypt and Israel (and over 90 other countries), and it’s known for its excellent P2P and streaming support.
Setting up ExpressVPN on a smartphone, tablet, computer, or router is painless thanks to the large library of official client apps and browser extensions. Just know that the service (and many others like it) is owned by Kape Technologies, a digital security software provider that has done some shady things in the past.
Pros: | Cons: |
– Great P2P and streaming support | – More expensive than alternatives |
– Helpful customer support | – Owned by Kape Technologies |
– Speedy refund process | |
– Independently audited |
CyberGhost

💵 Pricing: $2.19 a month (with a two-year commitment)
↩️ Money-Back Guarantee: 45 days
CyberGhost stands out with its industry-leading 45-day money-back guarantee, giving you plenty of time to evaluate its performance and usability. The service provides native client apps for all major platforms, including Windows, macOS, Android, iOS, and Linux. Routers, smart TVs, Amazon Fire TV Sticks, and game consoles are also supported.
At the time of writing this article, CyberGhost operates nearly 10,000 servers in 91 countries, including Egypt, Israel, Qatar, Saudi Arabia, and the United Arab Emirates. In September 2022, the service finally completed an independent audit, and it can certainly be proud of the results.
Pros: | Cons: |
– Industry-leading money-back guarantee | – Owned by Kape Technologies |
– Inexpensive | |
– Constantly growing server network | |
– A huge number of servers |
Private Internet Access

💵 Pricing: $2.03 a month (with a three-year commitment)
↩️ Money-Back Guarantee: 30 days
Private Internet Access is another popular VPN owned by Kape Technologies, and it has WireGuard, OpenVPN, and IKEv2/IPSec servers in Egypt and more than 80 other countries, including all 50 US states.
The service provides dedicated IP addresses to those who would like to enjoy a smoother online experience with fewer interruptions. With a dedicated IP address, you won’t be constantly running into CAPTCHAs and bot checks.
Pros: | Cons: |
– Inexpensive | – Average speeds |
– Audited by a third-party | – Owned by Kape Technologies |
– Supports ten simultaneous connections | |
– Provides dedicated IP addresses |
VyprVPN

💵 Pricing: $5.00 a month (with a one-year commitment)
↩️ Money-Back Guarantee: 30 days
With servers in Bahrain, Israel, Qatar, Saudi Arabia, and the United Arab Emirates, VyprVPN is an excellent choice for Middle Easterners who want to improve their online security and privacy while retaining a local IP address.
The service does a great job of circumventing various VPN-blocking techniques, and it uses the WireGuard protocol for hassle-free streaming. These and other perks justify its somewhat higher price.
Pros: | Cons: |
– Can circumvent VPN blocking | – More expensive than alternatives |
– Great P2P and streaming support | – Not many servers |
– Owns its entire server infrastructure | |
– Many servers in the Middle East |
Surfshark

💵 Pricing: $2.30 a month (with a two-year commitment)
↩️ Money-Back Guarantee: 30 days
If you can excuse the fact that Surfshark is located in the Netherlands, which is part of the Fourteen Eyes intelligence-sharing group, then this VPN service should definitely be high on your list because it offers a lot of value for a great price.
All Surfshark plans can support an unlimited number of connections, which means that you could theoretically secure each and every device you own for just $2.30 a month—and that’s certainly a great deal. The service also boasts 3,200+ servers in 100 countries, including Israel, Saudi Arabia, and the United Arab Emirates.
Pros: | Cons: |
– Inexpensive | – Located in the Netherlands |
– Unlimited simultaneous connections | |
– Servers in multiple Middle Eastern countries |
PureVPN

💵 Pricing: $1.99 a month (with a two-year commitment)
↩️ Money-Back Guarantee: 31 days
With prices that start at just $1.99 a month, you would be hard-pressed to find a cheaper VPN service that’s as reputable as PureVPN. Despite its low price, the service operates a massive network of more than 6,500 servers, including servers in Turkey and the United Arab Emirates.
Up to 10 people can use PureVPN to secure an unlimited number of devices with AES 256-bit encryption at the same time. Some advanced features, like split tunneling, are included in the price, while others, such as port forwarding and dedicated IP addresses, are available as paid add-ons.
Pros: | Cons: |
– Supports ten simultaneous connections | – Occasional client issues |
– Verified no data logging policy | |
– Inexpensive |
PrivateVPN

💵 Pricing: $2.00 a month (with a three-year commitment)
↩️ Money-Back Guarantee: 30 days
It’s common for the best VPN services in the Middle East to use 256-bit encryption algorithms, but PrivateVPN takes security to the next level with its military-grade 2048-bit encryption. While the extra bits don’t make much difference in the real-world, they show just how committed PrivateVPN is to protecting its users.
What’s also unique about this VPN service is the fact that it doesn’t outsource customer support at all. Instead, all customers get to talk directly with its in-house developers to get their problems solved quickly and easily. PrivateVPN has a few servers in Israel, Turkey, and the United Arab Emirates, but its server network is on the smaller side.
Pros: | Cons: |
– Inexpensive | – Not many servers |
– Unblocks streaming services | |
– Military-grade 2048-bit encryption | |
– In-house customer support |
ProtonVPN

💵 Pricing: $4.99 a month (with a two-year commitment); free plan available
↩️ Money-Back Guarantee: 30 days
If the name of this VPN service sounds familiar, then there’s a good chance that you’ve used ProtonMail, a secure email service that uses end-to-end encryption. As you’ve probably guessed, ProtonVPN and ProtonMail share the same developer, Proton AG. They also share the same focus on security, privacy, and freedom.
ProtonVPN offers a free VPN service that people who are living or visiting the Middle East can use to 100+ servers in 3 countries (US, NL, JP). To unlock all servers and locations ProtonVPN has to offer (almost 2,000 servers in over 60 countries), including Israel and the United Arab Emirates, you need to purchase the Proton VPN Plus plan.
Pros: | Cons: |
– Provided by a trusted and respected company | – Doesn’t offer browser extensions |
– Nicely designed client | |
– Free plan available |
Mullvad

💵 Pricing: €5.00 a month (no commitment)
↩️ Money-Back Guarantee: 30 days
VPN services tend to follow the same template: offering more or less the same features and the same customer experience. Mullvad is a welcome breath of fresh air that does away with pricing plans that force you to make a long commitment just to get a nice discount. Instead, there’s just one plan, and you can stop paying whenever you want.
As such, Mullvad is great if you need a VPN for just a month or two, but it’s harder to recommend to those who rely on a VPN every day. That’s especially true since it doesn’t have many servers in the Middle East (only a few in Israel and the United Arab Emirates). What’s more, the client app leaves something to be desired in terms of usability.
Pros: | Cons: |
– Fair pricing model | – More expensive than alternatives |
– Transparent and highly anonymous | – Pay-as-you-go only |
– Open-source | – Can’t unblock streaming services |
How To Set Up A VPN For Use In The Middle East?
You don’t need to be a networking expert to set up a VPN for use in the Middle East. You just need one of the recommended VPN services and a few minutes of free time.
Let’s demonstrate how it works using our personal favorite VPN service in the Middle East, NordVPN:
- Go to: https://nordvpn.com/risk-free-vpn/
- Click the Start Now button and choose one of the available plans.
- Create an account and pay for the selected subscription plan.
- Download the NordVPN client app for your device and install it.
- Launch the NordVPN client and log in to your account.
You can now connect to any NordVPN server. To see if your connection is protected, you can visit the NordVPN website and look at the status bar at the very top. If everything is working correctly, then you won’t see your real IP address.
Conclusion
The best VPN services recommended in this article can solve many of the issues experienced by those who are living or visiting the Middle East, including internet censorship, geo-restrictions, and online privacy concerns. Just remember to use them responsibly and in adherence with to local laws. If you’re looking for VPN options for your Android device, check out our list of the top 3 VPN services for Android.
FAQs
In countries like Bahrain, Cyprus, Israel, Jordan, Lebanon, and Qatar, VPN usage is completely unregulated. Countries like Iran allow only certain government-approved VPNs, while Iraq bans VPN usage entirely.
Sadly, not all VPN services work in every Middle Eastern country. In Iran, for example, only government-approved VPNs are allowed.
You technically can use a VPN to visit any website you want, but that doesn’t mean you should. In the United Arab Emirates, for example, you can get into some serious trouble if you use a VPN to visit banned websites.
The best VPN services in the Middle East are:
– NordVPN
– ExpressVPN
– CyberGhost
– Private Internet Access
– VyprVPN
Yes, there are free VPN services in the Middle East, such as the one that comes with the Opera web browser, but such services are often not as secure, fast, and feature-complete as their paid counterparts, so we recommend you avoid them.