Home > Security > Security News

7-Eleven Data Breach Exposes Over 185,000 Accounts in ShinyHunters Extortion Campaign

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
data breach
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Extortion Campaign: The ShinyHunters pay-or-leak attack against 7-Eleven resulted in the compromise of over 185,000 unique email addresses and personal details.
  • System Scope: 7-Eleven stated that the breach involved systems that stored franchisee documents.
  • Initial claims: The attackers claimed to have stolen over 600,000 records and leaked a 9.4GB archive of documents one week after the first announcement.

The April 7-Eleven "pay or leak" extortion campaign orchestrated by the threat group ShinyHunters resulted in the theft and leak of internal data online later that month. The incident was formally added to the breach notification service Have I Been Pwned (HIBP) on May 24, 2026, which said 185,300 accounts were impacted.

ShinyHunters Extortion and Data Exposure

The 7-Eleven data breach, which was observed on April 8, 2026, exposed a substantial volume of identifiable information (PII). HIBP said the compromised records included 185,300 unique accounts and their:

Additionally, a small number of the leaked records contained additional exposed data fields. 

ShinyHunters claim 7-Eleven data breach | Source: ShinyHunters leak site via BleepingComputer
ShinyHunters claim 7-Eleven data breach | Source: ShinyHunters leak site via BleepingComputer

The ShinyHunters group leveraged the exfiltrated database to demand payment, threatening to publish it. The data was ultimately released to the public in April 2026 after the extortion attempt.

Franchisee Document Systems Targeted

Following the data exposure, 7-Eleven stated that the breach was strictly limited to certain 7-Eleven systems used to store franchisee documents, which is consistent with the nature of the exposed data present in the published database, according to HIBP. 

The compromised information directly corresponds to the administrative records maintained within these specific franchisee infrastructure environments, confirming the limited scope of the compromised systems as outlined by the company.

Last week, reports announced that a NYC Health + Hospitals data breach exposed sensitive biometrics of 1.8 million individuals. 

This month, the threat actor claimed a Woflow data breach exposing almost 448,000 accounts and announced it had stolen almost 120,000 Vimeo accounts. In early March, ShinyHunters claimed to have compromised data from Snowflake, Okta, Sony, AMD, Lastpass, and Salesforce via a massive Salesforce Breach.

Add a Comment
Related
ClickFix
Ghost CMS SQL Injection Vulnerability Facilitates Large-Scale ClickFix Campaigns
Cyber Job Moves: Firms Tap New Leaders for AI, Cloud, Federal, and GTM Expansion
Cybersecurity Roundup: Defenders Score Major Wins Against Cybercrime Networks While Legacy Risks Deepen
Cloud Atlas APT Targets Russia and Belarus Government and Diplomatic Entities with PowerCloud Tool
Google API Keys Remain Usable After Deletion for up to 23 Minutes, Report Says
Canadian Administrator Arrested Following KimWolf DDoS Botnet Takedown
Most Popular
ClickFix
Ghost CMS SQL Injection Vulnerability Facilitates Large-Scale ClickFix Campaigns
Cyber Job Moves: Firms Tap New Leaders for AI, Cloud, Federal, and GTM Expansion
AI Agents are Recreating the Access Problems that Broke Early Cloud Security
X-VPN Joins VPN Trust Initiative and i2Coalition
X-VPN Joins VPN Trust Initiative and i2Coalition to Strengthen Privacy and Security Efforts
NordVPN Blocking Dispute Faces New Spanish Court Ruling
Spanish Court Refuses LaLiga’s Request to Fine NordVPN Over IPTV Blocking Dispute
Cybersecurity Roundup: Defenders Score Major Wins Against Cybercrime Networks While Legacy Risks Deepen
Ghost CMS SQL Injection Vulnerability Facilitates Large-Scale ClickFix Campaigns
Cyber Job Moves: Firms Tap New Leaders for AI, Cloud, Federal, and GTM Expansion
AI Agents are Recreating the Access Problems that Broke Early Cloud Security
X-VPN Joins VPN Trust Initiative and i2Coalition to Strengthen Privacy and Security Efforts
Spanish Court Refuses LaLiga’s Request to Fine NordVPN Over IPTV Blocking Dispute
Cybersecurity Roundup: Defenders Score Major Wins Against Cybercrime Networks While Legacy Risks Deepen

Most Popular
ClickFix
Ghost CMS SQL Injection Vulnerability Facilitates Large-Scale ClickFix Campaigns
Cyber Job Moves: Firms Tap New Leaders for AI, Cloud, Federal, and GTM Expansion
AI Agents are Recreating the Access Problems that Broke Early Cloud Security
X-VPN Joins VPN Trust Initiative and i2Coalition
X-VPN Joins VPN Trust Initiative and i2Coalition to Strengthen Privacy and Security Efforts
NordVPN Blocking Dispute Faces New Spanish Court Ruling
Spanish Court Refuses LaLiga’s Request to Fine NordVPN Over IPTV Blocking Dispute
Cybersecurity Roundup: Defenders Score Major Wins Against Cybercrime Networks While Legacy Risks Deepen
Ghost CMS SQL Injection Vulnerability Facilitates Large-Scale ClickFix Campaigns
Cyber Job Moves: Firms Tap New Leaders for AI, Cloud, Federal, and GTM Expansion
AI Agents are Recreating the Access Problems that Broke Early Cloud Security
X-VPN Joins VPN Trust Initiative and i2Coalition to Strengthen Privacy and Security Efforts
Spanish Court Refuses LaLiga’s Request to Fine NordVPN Over IPTV Blocking Dispute
Cybersecurity Roundup: Defenders Score Major Wins Against Cybercrime Networks While Legacy Risks Deepen

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: