Skip to main content

Hajj: Western pilgrims receive ‘spam’ emails hours after signing up to Saudi portal

Users from across Australia, America, and Europe received spam from an unknown skincare company hours after signing up to the Motawif service backed by Saudi Arabia
Muslim pilgrims gather around Mount Arafat, also known as Jabal al-Rahma, southeast of Mecca during the Hajj pilgrimage amid the Covid-19 pandemic, on 19 July 2021 (AFP)

Pilgrims from western countries signing up for the chance to attend this year’s Hajj through a portal backed by Saudi Arabia have complained of receiving spam emails hours after registering for the service, raising concerns over data protection.

Users from across Australia, North America and parts of Europe who signed up to participate in this year's Hajj said they began receiving emails from an unknown skincare company called Divine Beauty. 

'The Saudi government needs to give assurances that the personal data for millions of pilgrims each year will not be sold or traded'

- Shaf Choudry, co-founder of the RizTest 

The spam emails raise concerns over the data protection procedures put in place by Saudi Arabia after it announced on Monday that western pilgrims will no longer be able to book their Hajj through travel agencies.

Western pilgrims will now have to use a company delegated by Saudi Arabia called Motawif to enter a draw called "automated lottery" for the chance to book a place on the Hajj.

Once chosen, pilgrims from Australia, North America and Europe will then be given the chance to book a Hajj package of their choice. This package includes their hotel, flights and details of their on-the-ground transport. 

Riyadh has not released details on when it will announce the results of its lottery or the prices for its Hajj packages.

But the Saudi authorities did confirm that its packages for British pilgrims, for whom the cost of a visit to Mecca can run into thousands of dollars, will not be protected by the ATOL scheme, which offers financial protection in the event that the company through whom travellers books their journey collapses.

'Troubling' move

Motawif said it has partnered up with a Dubai-based startup called Traveazy to handle the registration process. Traveazy recently said it will focus on growing its brand UmrahMe, a platform dedicated to Umrah bookings and services.

Traveazy however does not specify its data protection policies on its website, nor details of what it has in place to protect pilgrims. Traveazy did not immediately respond to Middle East Eye’s request for comment.

Shaf Choudry, co-founder of the Riz Test and the Seen on Screen Institute, has worked in the startup world for several years and researched the biases of algorithms and use of data. 

Choudry said the move to "centralise all Hajj bookings from Europe, US and Australia through the Motawif site is troubling for a number of reasons, namely the privacy and data considerations".

Prospective pilgrims received spam emails from a skincare company hours after signing up to the Motawif portal for this year's Hajj (Screengrab)
Prospective pilgrims received spam emails from a skincare company hours after signing up to the Motawif portal for this year's Hajj (Screengrab)

“It is concerning that a startup with circa $50m of venture capital does not have a public terms of service or privacy policy detailing how users' data is kept secure,” Choudry told Middle East Eye.

“Given the nature of VC-backed startups, where user data is considered a valuable asset - the Saudi government needs to give assurances that the personal data for millions of pilgrims each year will not be sold or traded.

"Further to this, pilgrim data needs to be stored securely and there needs to be transparency where it is stored geographically given that data security laws differ greatly around the world.

"There are reports of people registering on the site already receiving spam marketing emails, with guidance from the @haramainInfo account to email Motawif directly if this is the case - this does not bode well for things to come.”

Saudi Arabia’s Haramain Twitter account, which runs social media for the holy sites in Mecca and Medina, posted a tweet on Wednesday telling prospective pilgrims to contact Motawif directly if they receive spam emails.

“There are many reports the Motawif website database has been compromised and those registering are receiving spam emails from unknown brands. In order to seek more information about data being leaked, the recommendation is to contact Motawif to ensure data is not compromised,” said Haramain.

In April, Saudi Arabia said it will permit only one million people from across the world to participate in this year's Hajj pilgrimage after closing its doors to foreign visitors in 2020 and 2021 because of the coronavirus pandemic.

The Hajj pilgrimage is one of the largest religious gatherings in the world and considered a religious obligation for every Muslim who is healthy and able to afford it at least once within their lifetime.

Middle East Eye delivers independent and unrivalled coverage and analysis of the Middle East, North Africa and beyond. To learn more about republishing this content and the associated fees, please fill out this form. More about MEE can be found here.