ShinyHunters Stole 183K 7-Eleven Records—Tried to Sell for $250K

The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking convenience store chain 7-Eleven in April, BleepingComputer reports. The company, which operates more than 86,000 stores worldwide including 13,000 in the U.S. and Canada, confirmed the breach in notifications sent to affected customers on May 1.

Attackers gained access to 7-Eleven systems storing franchisee documents on April 8, the company disclosed. The extortion group ShinyHunters claimed responsibility on April 17, posting on its Tor leak site that it had stolen over 600,000 Salesforce records containing personal and corporate data. The gang threatened to leak the data unless a ransom was paid by April 21, SecurityWeek reports.

When 7-Eleven did not pay, ShinyHunters offered the stolen dataset for $250,000 on a popular cybercrime forum. The breach has now been confirmed by Have I Been Pwned, which tracked 183,000 affected accounts from the incident.

ShinyHunters’ Ransom Playbook

ShinyHunters is a well-known extortion group that has targeted major corporations including Microsoft, AT&T, and Pixar. The group’s playbook involves breaching corporate systems, exfiltrating data, and demanding payment under threat of public release. When victims refuse, the group auctions the data on cybercrime forums.

The 7-Eleven attack is consistent with this pattern. The hackers breached Salesforce systems storing franchisee applications, which included personal information provided during the application process. 7-Eleven’s notification to the Maine Attorney General’s Office indicated the breach was limited to franchisee documents, though ShinyHunters claimed a much larger data set.

This is not an isolated incident. A recent Frontierbeat report on nginx-poolslip found an AI agent discovered unpatched remote code execution vulnerabilities in 30% of web servers scanned. Meanwhile, a New York hospital breach exposed 1.8 million fingerprints in a separate incident, highlighting the escalating scale of data theft.

What the Breach Means for 7-Eleven Customers

The affected data includes personal information submitted during franchise applications, which can include names, contact details, financial records, and corporate documents. However, 7-Eleven has not specified exactly which data categories were exposed in each case. The company is offering credit monitoring to impacted individuals.

7-Eleven operates one of the largest retail footprints in the world, including Speedway, Stripes, and Laredo Taco Company brands. Its 7Rewards and Speedy Rewards loyalty programs have over 100 million members. The company has not confirmed whether loyalty program data was affected.

FAQ

What data was stolen in the 7-Eleven breach?

Personal information from franchisee applications, including names, contact details, and corporate records. ShinyHunters also claimed to have stolen over 600,000 Salesforce records.

Who is ShinyHunters?

ShinyHunters is an extortion group that has previously targeted Microsoft, AT&T, and Pixar. The group breaches corporate systems, steals data, and demands ransom under threat of public release.

How many people were affected?

Have I Been Pwned tracked over 183,000 affected accounts, though the company has not disclosed the full figure. The breach was detected on April 8, 2026.

What is 7-Eleven doing about it?

The company sent breach notification letters on May 1, filed disclosures with state attorneys general, and is offering credit monitoring to impacted individuals.

Should 7-Eleven customers be worried?

The breach appears to have affected franchise applicants rather than general customers. 7-Eleven has not confirmed whether loyalty program data was compromised.

ShinyHunters offered the stolen 7-Eleven dataset for $250,000 on a cybercrime forum after the company refused to pay the ransom demand.