Ransomware victim disclosure
← All victimsBaheya World
listed as baheya.com · Claimed by Darkvault · listed 2 years ago
Status timeline
- ListedApr 12, 2024
- Data leakeddate unknown
At a glance
- Group
- Darkvault
- Status
- Data leaked
- Country
- Saudi Arabia
- Sector
- Healthcare
- Listed on leak site
- Apr 12, 2024
About the victim
AI dossier — public-source company profileBaheya World is a Saudi Arabian holdings company established in 2006 that owns multiple institutions across different sectors. The company operates beauty centers and manufactures/distributes beauty and spa products under the Baheya brand, with integrated production lines supporting retail operations.
- Industry
- Beauty & Spa Products Retail, Production & Distribution
- Founded
- 2006
Attack summary
Severity: low — Disclosure status is 'data_published' but the leak post provides no details on proof files, exfiltrated data types, or operational impact. No specific data inventory is described in the available excerpt.Darkvault claims to have breached Baheya World and published data. The post does not explicitly detail what was exfiltrated, encrypted, or the specific data categories at risk.
What the group claims
It is a holdings company based in the Kingdom of Saudi Arabia established in 2006 owns three institutions in different fields, the first is specialized in the retail sale of beauty and spa products, working in the production and distribution of consumer goods specialized in this field, so we have our own production lines, which helped us to be self-sufficient, as the owner of beauty centers, which are marketed under the Baheya brand.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

