ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
May 18, 2026 
7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data.
7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information.
“Over 600k Salesforce records containing PII and other internal corporate data have been compromised.” The cybercrime group claimed on its Tor data leak site. “The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don’t care.”
ShinyHunters threatened to publish the stolen data if the ransom was not paid by April 21.
7-Eleven is the world’s largest convenience store chain, operating thousands of locations across North America, Asia, Europe, and other regions. Founded in 1927 in the United States, the company is known for 24/7 stores offering snacks, drinks, groceries, fuel, ready-to-eat meals, and everyday essentials.
7-Eleven said an unauthorized party accessed systems storing franchisee documents on April 8, 2026. The company launched an investigation after discovering the security breach.
“We recently discovered that on April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents.” reads the data breach notification letter. “We take the security of your personal information very seriously and immediately launched an investigation in order to assess the affected documents and bring this to your attention. We also wanted to apologize for any inconvenience this may cause you.”
According to its findings, the exposed files contained information submitted by individuals during the franchise application process.
The company has started notifying affected individuals about the incident.
At this time, the total number of impacted individuals is still unclear.
ShinyHunters has previously claimed breaches at Google, Cisco, Vimeo, Rockstar Games, Instructure, Zara, and the European Commission.
ShinyHunters has been targeting Salesforce instances of major organizations since mid-2025, stealing millions of records.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)
