7-Eleven Breach Exposes 185,000 Customer Records

Key Takeaways

- ShinyHunters stole 185,300 unique customer records including names, emails, birthdates, and addresses
- The breach occurred through 7-Eleven's Salesforce environment used for franchisee documents
- After 7-Eleven refused to pay ransom, attackers leaked 9.4GB of stolen data on the dark web

What Happened
On April 8, 2026, the ShinyHunters extortion gang broke into 7-Eleven's internal systems and stole personal information belonging to 185,300 people. The attackers gained access through the company's Salesforce environment, specifically targeting systems used to store franchisee documents.
7-Eleven disclosed the breach in notification letters sent to affected customers on May 1. The company confirmed that "an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents" but did not publicly attribute the attack to any specific group.
ShinyHunters claimed responsibility on April 17. The gang said they stole over 600,000 records containing corporate data and personally identifiable information. When 7-Eleven refused to pay the ransom demand, ShinyHunters published a 9.4GB archive of stolen documents on their dark web leak site.

What Data Was Stolen
Have I Been Pwned, the data breach notification service, analyzed the leaked data and confirmed the full scope of the exposure. The stolen records include:
- Names
- Dates of birth
- 185,300 unique email addresses
- Phone numbers
- Physical addresses
Troy Hunt, creator of Have I Been Pwned, noted that "a small number of records also contained additional exposed data fields." The service confirmed the breach data aligns with 7-Eleven's statement about franchisee document systems being compromised.

ShinyHunters' Salesforce Campaign
This breach fits a pattern. ShinyHunters has spent the past year targeting Salesforce customers. The gang has breached hundreds of companies through two major campaigns: the Salesforce Aura data theft attacks and the Salesloft Drift campaign. They claim to have stolen billions of records across these operations.
Security researchers tracking the group note that ShinyHunters often gains access through social engineering rather than technical exploits. Discussion on Hacker News pointed to the group's high success rate in compromising corporate Salesforce implementations through this method.
Recent ShinyHunters victims include the European Commission, video service Vimeo, and several Spanish organizations. The gang operates a consistent playbook: breach, demand ransom, leak if unpaid.

7-Eleven's Security History
This is not 7-Eleven's first major security incident. In August 2022, 7-Eleven Denmark suffered a ransomware attack that forced the company to shut down 175 stores after attackers encrypted critical systems.
7-Eleven operates, franchises, and licenses more than 86,000 stores worldwide, including 13,000 in the U.S. and Canada. The company also runs Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits locations. Its 7Rewards and Speedy Rewards loyalty programs have over 100 million members.
BleepingComputer reached out to 7-Eleven for comment on ShinyHunters' claims and the number of affected individuals. The company did not respond.

Community Response
On Reddit's cybersecurity forum, users focused on the irony of a global chain getting breached through a franchisee application portal. Many questioned the adequacy of 7-Eleven's third-party cloud data security practices, particularly for a company handling data from over 100 million loyalty program members.
“This incident is part of a broader, persistent campaign by ShinyHunters targeting organizations using Salesforce cloud environments.”
— Cybersecurity Analyst, Industry Security Report

What Affected Customers Should Do
If you've applied for a 7-Eleven franchise or provided personal information through their franchisee systems, assume your data was exposed. Take these steps:
- Check Have I Been Pwned to confirm if your email appears in the breach
- Monitor your credit reports for unusual activity
- Be alert for phishing emails that reference 7-Eleven or franchise applications
- Consider a credit freeze if the breach included your Social Security number
Frequently Asked Questions

How many people were affected by the 7-Eleven data breach?
185,300 unique customer records were exposed, according to Have I Been Pwned's analysis of the leaked data.

What information was stolen in the 7-Eleven breach?
The stolen data includes names, dates of birth, email addresses, phone numbers, and physical addresses. Some records contained additional data fields.

Who was responsible for the 7-Eleven hack?
The ShinyHunters extortion gang claimed responsibility. They specialize in breaching Salesforce cloud environments and have hit hundreds of companies in the past year.

Did 7-Eleven pay the ransom?
No. 7-Eleven refused to pay, and ShinyHunters subsequently leaked 9.4GB of stolen documents on their dark web site.

How can I check if my data was exposed in the 7-Eleven breach?
Visit Have I Been Pwned and enter your email address. The site will show if your information appears in this or other data breaches.
Source: BleepingComputer
Manaal Khan
Tech & Innovation Writer