In accordance with information breach notification service Have I Been Pwned, the extortion group Shiny Hunters hacked the programs of comfort retailer chain 7-Eleven in April and stole the private info of greater than 183,000 individuals.
Based in 1927, 7-Eleven at present operates, franchises and licenses greater than 86,000 shops worldwide, together with 13,000 shops in the USA and Canada. 7-Eleven additionally operates and franchises Speedway, Stripes, Laredo Taco Firm and Ray’s The Roost Hen and Biscuits places, and its loyalty applications 7Rewards and Speedy Rewards have greater than 100 million members.
In a knowledge breach notification letter despatched to affected clients on Might 1, the corporate revealed that the attackers gained entry to some 7-Eleven programs in early April and stole information on quite a few personal people.
“On April 8, 2026, we just lately found that an unauthorized third celebration gained entry to sure 7-Eleven programs used to retailer franchisee paperwork,” 7-Eleven stated in an announcement.
7-Eleven didn’t attribute the assault to any particular hacking group or menace actor, nor did it present additional particulars in regards to the incident, however the extortion group Shiny Hunters claimed duty for the assault on April seventeenth.
Cybercriminals claimed to have infiltrated 7-Eleven’s Salesforce surroundings and stolen over 600,000 information containing company information and personally identifiable info. The corporate then leaked a 9.4GB doc archive to a darkish net leak website after the corporate refused to pay a ransom to return and destroy the stolen information.
When contacted by BleepingComputer to verify ShinyHunters’ claims and share the variety of people affected, a 7-Eleven spokesperson didn’t reply, however Have I Been Pwned analyzed the information leaked by the cybercrime group and stated the breach uncovered the information of 185,300 individuals, together with names, dates of beginning, distinctive e mail addresses, telephone numbers, and addresses.
“This incident uncovered 185,000 distinctive e mail addresses, together with names, addresses, dates of beginning, and telephone numbers. A small variety of information additionally contained extra uncovered information fields,” the report stated. “The corporate later suggested that the breach was restricted to ‘sure 7-Eleven programs used to retailer franchisee paperwork,’ an announcement in keeping with the leaked information.”
7-Eleven Denmark additionally admitted that it was the sufferer of a ransomware assault in August 2022, after attackers encrypted a few of its programs and compelled the closure of 175 of the chain’s shops.
ShinyHunters has been concentrating on Salesforce clients over the previous 12 months, infiltrating tons of of firms by claiming to have stolen billions of information in Salesforce Aura information theft assaults and Salesloft Drift campaigns.
Different violations just lately claimed by ShinyHunters embody the European Fee; Video service Vimeo, Spanish quick vogue retailers Zara and MANGO, edtech large McGraw-Hill, dwelling safety large ADT, medical gadget maker Medtronic, PornHub, Rockstar Video games, on-line courting large Match Group, and Know-how giants Cisco and Google.
2 weeks in the past FBI advises ShinyHunters victims have beforehand warned that paying the ransom doesn’t assure that the blackmailers won’t promote the stolen information to different cybercriminals or attempt to blackmail the victims once more, and have urged them to not give in to the blackmailers’ calls for.
Automated penetration testing instruments supply actual worth, however they had been constructed to reply one query: Can an attacker get by your community? They don’t seem to be constructed to check whether or not controls block threats, detection guidelines hearth, or cloud configurations are preserved.
This information describes six surfaces that you must truly study.
Obtain now
