7-Eleven Breach Exposes 185,000 Customer Records

Key Takeaways

• ShinyHunters stole 185,300 unique customer records including names, emails, birthdates, and addresses
• The breach occurred through 7-Eleven's Salesforce environment used for franchisee documents
• After 7-Eleven refused to pay ransom, attackers leaked 9.4GB of stolen data on the dark web

What Happened

On April 8, 2026, the ShinyHunters extortion gang broke into 7-Eleven's internal systems and stole personal information belonging to 185,300 people. The attackers gained access through the company's Salesforce environment, specifically targeting systems used to store franchisee documents.

7-Eleven disclosed the breach in notification letters sent to affected customers on May 1. The company confirmed that "an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents" but did not publicly attribute the attack to any specific group.

ShinyHunters claimed responsibility on April 17. The gang said they stole over 600,000 records containing corporate data and personally identifiable information. When 7-Eleven refused to pay the ransom demand, ShinyHunters published a 9.4GB archive of stolen documents on their dark web leak site.

What Data Was Stolen

Have I Been Pwned, the data breach notification service, analyzed the leaked data and confirmed the full scope of the exposure. The stolen records include:

• Names
• Dates of birth
• 185,300 unique email addresses
• Phone numbers
• Physical addresses

Troy Hunt, creator of Have I Been Pwned, noted that "a small number of records also contained additional exposed data fields." The service confirmed the breach data aligns with 7-Eleven's statement about franchisee document systems being compromised.

ShinyHunters' Salesforce Campaign

This breach fits a pattern. ShinyHunters has spent the past year targeting Salesforce customers. The gang has breached hundreds of companies through two major campaigns: the Salesforce Aura data theft attacks and the Salesloft Drift campaign. They claim to have stolen billions of records across these operations.

Security researchers tracking the group note that ShinyHunters often gains access through social engineering rather than technical exploits. Discussion on Hacker News pointed to the group's high success rate in compromising corporate Salesforce implementations through this method.

Recent ShinyHunters victims include the European Commission, video service Vimeo, and several Spanish organizations. The gang operates a consistent playbook: breach, demand ransom, leak if unpaid.

7-Eleven's Security History

This is not 7-Eleven's first major security incident. In August 2022, 7-Eleven Denmark suffered a ransomware attack that forced the company to shut down 175 stores after attackers encrypted critical systems.

7-Eleven operates, franchises, and licenses more than 86,000 stores worldwide, including 13,000 in the U.S. and Canada. The company also runs Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits locations. Its 7Rewards and Speedy Rewards loyalty programs have over 100 million members.

BleepingComputer reached out to 7-Eleven for comment on ShinyHunters' claims and the number of affected individuals. The company did not respond.

Community Response

On Reddit's cybersecurity forum, users focused on the irony of a global chain getting breached through a franchisee application portal. Many questioned the adequacy of 7-Eleven's third-party cloud data security practices, particularly for a company handling data from over 100 million loyalty program members.

“This incident is part of a broader, persistent campaign by ShinyHunters targeting organizations using Salesforce cloud environments.”

— Cybersecurity Analyst, Industry Security Report

What Affected Customers Should Do

If you've applied for a 7-Eleven franchise or provided personal information through their franchisee systems, assume your data was exposed. Take these steps:

1. Check Have I Been Pwned to confirm if your email appears in the breach
2. Monitor your credit reports for unusual activity
3. Be alert for phishing emails that reference 7-Eleven or franchise applications
4. Consider a credit freeze if the breach included your Social Security number

Frequently Asked Questions

How many people were affected by the 7-Eleven data breach?

185,300 unique customer records were exposed, according to Have I Been Pwned's analysis of the leaked data.

What information was stolen in the 7-Eleven breach?

The stolen data includes names, dates of birth, email addresses, phone numbers, and physical addresses. Some records contained additional data fields.

Who was responsible for the 7-Eleven hack?

The ShinyHunters extortion gang claimed responsibility. They specialize in breaching Salesforce cloud environments and have hit hundreds of companies in the past year.

Did 7-Eleven pay the ransom?

No. 7-Eleven refused to pay, and ShinyHunters subsequently leaked 9.4GB of stolen documents on their dark web site.

How can I check if my data was exposed in the 7-Eleven breach?

Visit Have I Been Pwned and enter your email address. The site will show if your information appears in this or other data breaches.

Source: BleepingComputer