---
title: "ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed"
source: newsletter
source_url: "https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html"
tags: [securityaffairs]
fetcher: jina
ingested: 2026-05-20
review_value: 7
review_confidence: 8
review_recommendation: worth-reading
review_stars: 3
sha256: 89fa876f68468039a805bac6f1df56077c178620cfcf55dbf74e75deab75e288
---
---
Published Time: 2026-05-18T13:48:01+00:00
Markdown Content:
# ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
[![Image 3](https://securityaffairs.com/wp-content/themes/security_affairs/images/menu-icon.svg)](javascript:void(0);)
[](https://www.facebook.com/sec.affairs/)[](https://twitter.com/securityaffairs)
[![Image 4](https://securityaffairs.com/wp-content/uploads/2023/08/logo.png)](https://securityaffairs.com/)
*   [Home](https://securityaffairs.com/)
*   [Cyber Crime](https://securityaffairs.com/category/cyber-crime)
*   [Cyber warfare](https://securityaffairs.com/category/cyber-warfare-2)
*   [APT](https://securityaffairs.com/category/apt)
*   [Data Breach](https://securityaffairs.com/category/data-breach)
*   [Deep Web](https://securityaffairs.com/category/deep-web)
*   [Hacking](https://securityaffairs.com/category/hacking)
*   [Hacktivism](https://securityaffairs.com/category/hacktivism)
*   [Intelligence](https://securityaffairs.com/category/intelligence)
*   [Artificial Intelligence](https://securityaffairs.com/category/ai)
*   [Internet of Things](https://securityaffairs.com/category/iot)
*   [Laws and regulations](https://securityaffairs.com/category/laws-and-regulations)
*   [Malware](https://securityaffairs.com/category/malware)
*   [Mobile](https://securityaffairs.com/category/mobile-2)
*   [Reports](https://securityaffairs.com/category/reports)
*   [Security](https://securityaffairs.com/category/security)
*   [Social Networks](https://securityaffairs.com/category/social-networks)
*   [Terrorism](https://securityaffairs.com/category/terrorism)
*   [ICS-SCADA](https://securityaffairs.com/category/ics-scada)
*   [Crypto](https://securityaffairs.com/category/digital-id)
*   [POLICIES](https://securityaffairs.com/extended-cookie-policy)
*   [Contact me](https://securityaffairs.com/contact)
[![Image 5](https://securityaffairs.com/wp-content/themes/security_affairs/images/menu-icon.svg)](javascript:void(0);)
[MUST READ](https://securityaffairs.com/must-read/)
[A malicious VS code extension just breached GitHub 's internal repositories](https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html)
|
[DirtyDecrypt: PoC Released for yet another Linux flaw](https://securityaffairs.com/192436/uncategorized/dirtydecrypt-poc-released-for-yet-another-linux-flaw.html)
|
[Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash](https://securityaffairs.com/192431/hacking/alleged-huawei-zero-day-blamed-for-the-2025-luxembourg-telecom-crash.html)
|
[Drupal is rolling out an emergency security update on May 20. You cannot miss it](https://securityaffairs.com/192407/security/drupal-is-rolling-out-an-emergency-security-update-tomorrow-you-cannot-miss-it.html)
|
[Microsoft dismantled malware-signing network Fox Tempest](https://securityaffairs.com/192391/cyber-crime/microsoft-dismantled-malware-signing-network-fox-tempest.html)
|
[Poland shifts away from Signal following cyberattacks on officials’ accounts](https://securityaffairs.com/192381/intelligence/poland-shifts-away-from-signal-following-cyberattacks-on-officials-accounts.html)
|
[Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects](https://securityaffairs.com/192357/cyber-crime/massive-mena-cybercrime-operation-ramz-disrupts-infrastructure-and-arrests-201-suspects.html)
|
[Shai-Hulud worm copycats emerge after source code leak](https://securityaffairs.com/192366/malware/shai-hulud-worm-copycats-emerge-after-source-code-leak.html)
|
[Grafana confirms GitHub token breach cybercrime group claims the attack](https://securityaffairs.com/192347/breaking-news/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack.html)
|
[ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed](https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)
|
[Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq](https://securityaffairs.com/192302/data-breach/public-amazon-bucket-leaks-sensitive-guest-data-from-japanese-hotel-platform-tabiq.html)
|
[Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix](https://securityaffairs.com/192325/hacking/chaotic-eclipse-discloses-miniplasma-zero-day-suggesting-a-missing-or-undone-2020-windows-security-fix.html)
|
[Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945](https://securityaffairs.com/192289/hacking/experts-warn-of-active-exploitation-of-critical-nginx-flaw-cve-2026-42945.html)
|
[SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97](https://securityaffairs.com/192278/security/security-affairs-malware-newsletter-round-97.html)
|
[Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION](https://securityaffairs.com/192269/security/security-affairs-newsletter-round-577-by-pierluigi-paganini-international-edition.html)
|
[Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores](https://securityaffairs.com/192260/cyber-crime/attackers-exploit-funnel-builder-bug-to-inject-e-skimmers-into-e-stores.html)
|
[Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total](https://securityaffairs.com/192250/hacking/pwn2own-berlin-2026-day-three-devcore-crowned-master-of-pwn-1-298-million-total.html)
|
[U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/192240/hacking/u-s-cisa-adds-a-flaw-in-microsoft-exchange-server-to-its-known-exploited-vulnerabilities-catalog.html)
|
[OpenAI hit by supply chain attack linked to malicious TanStack packages](https://securityaffairs.com/192222/hacking/openai-hit-by-supply-chain-attack-linked-to-malicious-tanstack-packages.html)
|
[Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K](https://securityaffairs.com/192209/security/pwn2own-berlin-2026-day-two-385750-more-microsoft-exchange-falls-and-the-running-total-crosses-900k.html)
|
*   [Home](https://securityaffairs.com/)
*   [Cyber Crime](https://securityaffairs.com/category/cyber-crime)
*   [Cyber warfare](https://securityaffairs.com/category/cyber-warfare-2)
*   [APT](https://securityaffairs.com/category/apt)
*   [Data Breach](https://securityaffairs.com/category/data-breach)
*   [Deep Web](https://securityaffairs.com/category/deep-web)
*   [Hacking](https://securityaffairs.com/category/hacking)
*   [Hacktivism](https://securityaffairs.com/category/hacktivism)
*   [Intelligence](https://securityaffairs.com/category/intelligence)
*   [Artificial Intelligence](https://securityaffairs.com/category/ai)
*   [Internet of Things](https://securityaffairs.com/category/iot)
*   [Laws and regulations](https://securityaffairs.com/category/laws-and-regulations)
*   [Malware](https://securityaffairs.com/category/malware)
*   [Mobile](https://securityaffairs.com/category/mobile-2)
*   [Reports](https://securityaffairs.com/category/reports)
*   [Security](https://securityaffairs.com/category/security)
*   [Social Networks](https://securityaffairs.com/category/social-networks)
*   [Terrorism](https://securityaffairs.com/category/terrorism)
*   [ICS-SCADA](https://securityaffairs.com/category/ics-scada)
*   [Crypto](https://securityaffairs.com/category/digital-id)
*   [POLICIES](https://securityaffairs.com/extended-cookie-policy)
*   [Contact me](https://securityaffairs.com/contact)
[![Image 6](https://securityaffairs.com/wp-content/themes/security_affairs/images/resecurity_banner_header_mobile.png)](https://resecurity.com/)
*   [Home](https://securityaffairs.com/)
*   [Breaking News](https://securityaffairs.com/category/breaking-news)
*   [Cyber Crime](https://securityaffairs.com/category/cyber-crime)
*   [Data Breach](https://securityaffairs.com/category/data-breach)
*   [Security](https://securityaffairs.com/category/security)
*   ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
## ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
_![Image 7](https://securityaffairs.com/wp-content/themes/security\_affairs/images/user-icon.svg)_[Pierluigi Paganini](https://securityaffairs.com/author/paganinip)_![Image 8](https://securityaffairs.com/wp-content/themes/security\_affairs/images/clock-icon.svg)_ May 18, 2026
![Image 9](https://i0.wp.com/securityaffairs.com/wp-content/uploads/2026/05/image-52.png?fit=758%2C376&ssl=1)
## 7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data.
7-Eleven has [confirmed](https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/4fe778c0-a3a9-4dbe-8e79-2c229ac5c36b.html) a data breach after the [ShinyHunters](https://securityaffairs.com/tag/shinyhunters) hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate information.
_“Over 600k Salesforce records containing PII and other internal corporate data have been compromised.” The cybercrime group claimed on its Tor data leak site. “The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don’t care.”_
[![Image 10](https://i0.wp.com/securityaffairs.com/wp-content/uploads/2026/05/image-52.png?resize=758%2C376&ssl=1)](https://i0.wp.com/securityaffairs.com/wp-content/uploads/2026/05/image-52.png?ssl=1)
ShinyHunters threatened to publish the stolen data if the ransom was not paid by April 21.
7-Eleven is the world’s largest convenience store chain, operating thousands of locations across North America, Asia, Europe, and other regions. Founded in 1927 in the United States, the company is known for 24/7 stores offering snacks, drinks, groceries, fuel, ready-to-eat meals, and everyday essentials.
7-Eleven said an unauthorized party accessed systems storing franchisee documents on April 8, 2026. The company launched an investigation after discovering the security breach.
_“We recently discovered that on April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents.” reads the [data breach notification letter](https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/4fe778c0-a3a9-4dbe-8e79-2c229ac5c36b.html). “We take the security of your personal information very seriously and immediately launched an investigation in order to assess the affected documents and bring this to your attention. We also wanted to apologize for any inconvenience this may cause you.”_
According to its findings, the exposed files contained information submitted by individuals during the franchise application process.
The company has started notifying affected individuals about the incident.
At this time, the total number of impacted individuals is still unclear.
ShinyHunters has previously claimed breaches at Google, Cisco,[Vimeo](https://securityaffairs.com/191715/data-breach/vimeo-confirms-breach-via-third-party-vendor-impacts-119k-users.html),[Rockstar Games](https://securityaffairs.com/190796/data-breach/shinyhunters-claim-the-hack-of-rockstar-games-breach-and-started-leaking-data.html), [Instructure](https://securityaffairs.com/191686/cyber-crime/educational-tech-firm-instructure-data-breach-may-have-impacted-9000-schools.html), [Zara](https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html), and the[European Commission](https://securityaffairs.com/190095/data-breach/shinyhunters-claims-the-hack-of-the-european-commission.html).
[ShinyHunters](https://securityaffairs.com/tag/shinyhunters) has been targeting [Salesforce instances](https://securityaffairs.com/181017/data-breach/google-confirms-salesforce-crm-breach-faces-extortion-threat.html) of major organizations since mid-2025, stealing millions of records.
**Follow me on Twitter:**[**@securityaffairs**](https://twitter.com/securityaffairs)**and**[**Facebook**](https://www.facebook.com/sec.affairs)**and**[**Mastodon**](https://infosec.exchange/@securityaffairs)
[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)
**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/)**–hacking,data breach)**
* * *
[facebook](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.com%2F192336%2Fdata-breach%2Fshinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)[linkedin](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.com%2F192336%2Fdata-breach%2Fshinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)[twitter](https://twitter.com/share?text=ShinyHunters+hack+7-Eleven%3A+franchisee+data+and+Salesforce+records+exposed+-&url=https%3A%2F%2Fsecurityaffairs.com%2F192336%2Fdata-breach%2Fshinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html&counturl=https%3A%2F%2Fsecurityaffairs.com%2F192336%2Fdata-breach%2Fshinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)
* * *
[7-Eleven](https://securityaffairs.com/tag/7-eleven)[Cybercrime](https://securityaffairs.com/tag/cybercrime)[data breach](https://securityaffairs.com/tag/data-breach)[Hacking](https://securityaffairs.com/tag/hacking)[hacking news](https://securityaffairs.com/tag/hacking-news)[information security news](https://securityaffairs.com/tag/information-security-news)[IT Information Security](https://securityaffairs.com/tag/it-information-security)[malware](https://securityaffairs.com/tag/malware-2)[Pierluigi Paganini](https://securityaffairs.com/tag/pierluigi-paganini)[Security Affairs](https://securityaffairs.com/tag/security-affairs)[Security News](https://securityaffairs.com/tag/security-news)
#### you might also like
[![Image 11](https://securityaffairs.com/wp-content/uploads/2015/03/github-social-coding.jpg)](https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html)
_![Image 12](https://securityaffairs.com/wp-content/themes/security\_affairs/images/user-icon.svg)_[Pierluigi Paganini](https://securityaffairs.com/author/paganinip)_![Image 13](https://securityaffairs.com/wp-content/themes/security\_affairs/images/clock-icon.svg)_ May 20, 2026
##### [A malicious VS code extension just breached GitHub 's internal repositories](https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html)
[Read more](https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html)
[![Image 14](https://securityaffairs.com/wp-content/uploads/2014/03/Huawei-hacked-by-NSA.jpg)](https://securityaffairs.com/192431/hacking/alleged-huawei-zero-day-blamed-for-the-2025-luxembourg-telecom-crash.html)
_![Image 15](https://securityaffairs.com/wp-content/themes/security\_affairs/images/user-icon.svg)_[Pierluigi Paganini](https://securityaffairs.com/author/paganinip)_![Image 16](https://securityaffairs.com/wp-content/themes/security\_affairs/images/clock-icon.svg)_ May 20, 2026
##### [Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash](https://securityaffairs.com/192431/hacking/alleged-huawei-zero-day-blamed-for-the-2025-luxembourg-telecom-crash.html)
[Read more](https://securityaffairs.com/192431/hacking/alleged-huawei-zero-day-blamed-for-the-2025-luxembourg-telecom-crash.html)
#### leave a comment
#### newsletter
###### Subscribe to my email list and stay
 up-to-date!
#### recent articles
[![Image 17](https://securityaffairs.com/wp-content/uploads/2015/03/github-social-coding.jpg)](https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html)
###### [A malicious VS code extension just breached GitHub 's internal repositories](https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html)
[Cyber Crime](https://securityaffairs.com/category/cyber-crime)/ May 20, 2026
[![Image 18](https://securityaffairs.com/wp-content/uploads/2015/11/Linux-ransomware-encoder1.jpg)](https://securityaffairs.com/192436/uncategorized/dirtydecrypt-poc-released-for-yet-another-linux-flaw.html)
###### [DirtyDecrypt: PoC Released for yet another Linux flaw](https://securityaffairs.com/192436/uncategorized/dirtydecrypt-poc-released-for-yet-another-linux-flaw.html)
[Uncategorized](https://securityaffairs.com/category/uncategorized)/ May 20, 2026
[![Image 19](https://securityaffairs.com/wp-content/uploads/2014/03/Huawei-hacked-by-NSA.jpg)](https://securityaffairs.com/192431/hacking/alleged-huawei-zero-day-blamed-for-the-2025-luxembourg-telecom-crash.html)
###### [Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash](https://securityaffairs.com/192431/hacking/alleged-huawei-zero-day-blamed-for-the-2025-luxembourg-telecom-crash.html)
[Hacking](https://securityaffairs.com/category/hacking)/ May 20, 2026
[![Image 20](https://securityaffairs.com/wp-content/uploads/2015/03/drupal-flaws.png)](https://securityaffairs.com/192407/security/drupal-is-rolling-out-an-emergency-security-update-tomorrow-you-cannot-miss-it.html)
###### [Drupal is rolling out an emergency security update on May 20. You cannot miss it](https://securityaffairs.com/192407/security/drupal-is-rolling-out-an-emergency-security-update-tomorrow-you-cannot-miss-it.html)
[Security](https://securityaffairs.com/category/security)/ May 19, 2026
[![Image 21](https://securityaffairs.com/wp-content/uploads/2026/05/image-56.png)](https://securityaffairs.com/192391/cyber-crime/microsoft-dismantled-malware-signing-network-fox-tempest.html)
###### [Microsoft dismantled malware-signing network Fox Tempest](https://securityaffairs.com/192391/cyber-crime/microsoft-dismantled-malware-signing-network-fox-tempest.html)
[Cyber Crime](https://securityaffairs.com/category/cyber-crime)/ May 19, 2026
[![Image 22](https://securityaffairs.com/wp-content/uploads/2024/03/Resecurity-Banner.jpg)](https://resecurity.com/)
[![Image 23](https://securityaffairs.com/wp-content/uploads/2023/08/footer-logo.png)](https://securityaffairs.com/)
To contact me write an email to:
 Pierluigi Paganini : 
[[email protected]](https://securityaffairs.com/cdn-cgi/l/email-protection#0878616d7a647d616f612678696f6966616661487b6d6b7d7a617c71696e6e69617a7b266b67)
[LEARN MORE](https://securityaffairs.com/contact/)
#### QUICK LINKS
*   [Home](https://securityaffairs.com/)
*   [Cyber Crime](https://securityaffairs.com/category/cyber-crime)
*   [Cyber warfare](https://securityaffairs.com/category/cyber-warfare-2)
*   [APT](https://securityaffairs.com/category/apt)
*   [Data Breach](https://securityaffairs.com/category/data-breach)
*   [Deep Web](https://securityaffairs.com/category/deep-web)
*   [Hacking](https://securityaffairs.com/category/hacking)
*   [Hacktivism](https://securityaffairs.com/category/hacktivism)
*   [Intelligence](https://securityaffairs.com/category/intelligence)
*   [Artificial Intelligence](https://securityaffairs.com/category/ai)
*   [Internet of Things](https://securityaffairs.com/category/iot)
*   [Laws and regulations](https://securityaffairs.com/category/laws-and-regulations)
*   [Malware](https://securityaffairs.com/category/malware)
*   [Mobile](https://securityaffairs.com/category/mobile-2)
*   [Reports](https://securityaffairs.com/category/reports)
*   [Security](https://securityaffairs.com/category/security)
*   [Social Networks](https://securityaffairs.com/category/social-networks)
*   [Terrorism](https://securityaffairs.com/category/terrorism)
*   [ICS-SCADA](https://securityaffairs.com/category/ics-scada)
*   [Crypto](https://securityaffairs.com/category/digital-id)
*   [POLICIES](https://securityaffairs.com/extended-cookie-policy)
*   [Contact me](https://securityaffairs.com/contact)
Copyright@securityaffairs 2024
[](https://www.facebook.com/sec.affairs/)[](https://twitter.com/securityaffairs)
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
[Cookie Settings](https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)[Accept All](https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)
Manage consent
Close
#### Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
[](https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)
[Necessary](https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)
- [x] Necessary 
Always Enabled
 Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information. 
[Non-necessary](https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)
- [x] Non-necessary 
 Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website. 
[SAVE & ACCEPT](https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html)