7-Eleven has confirmed a data breach affecting its systems after the notorious ShinyHunters hacker group claimed responsibility for stealing hundreds of thousands of records from the convenience store giant. The incident adds another high-profile victim to the cybercriminal group’s growing list of corporate targets.
The world’s largest convenience store chain detected the intrusion on April 8, affecting systems used to store franchisee documents. According to notifications sent to affected parties and filed with the Maine Attorney General’s Office, personal information provided during franchise applications was compromised.
ShinyHunters listed 7-Eleven on its leak website on April 17, claiming to have stolen more than 600,000 Salesforce records containing both personal information and corporate data. The group demanded ransom payment by April 21, later offering to sell the stolen data for $250,000 on underground hacker forums.
While 7-Eleven hasn’t disclosed the total number of affected individuals, the company stated only two Maine residents were impacted. This suggests the breach may have had limited scope, at least regarding personal information exposure.
The attack fits a troubling pattern for ShinyHunters, which has systematically targeted Salesforce instances across major organizations since mid-2025. The group exploits these systems through phishing campaigns, third-party integration abuse, or misconfigurations rather than attacking Salesforce products directly.
Recent ShinyHunters campaigns have successfully breached several prominent companies:
- Instructure – educational technology platform
- Vimeo – video hosting service
- Wynn Resorts – casino and hospitality company
- Vercel – web development platform
- Medtronic – medical device manufacturer
The 7-Eleven breach highlights growing cybersecurity challenges facing franchise-based businesses. These organizations often store sensitive applicant data spanning personal details, financial information, and business plans that prove valuable to cybercriminals.
For the retail industry, this incident underscores the importance of securing third-party platforms and cloud services that handle sensitive data. As more businesses rely on Salesforce and similar platforms for customer relationship management, they become attractive targets for organized cybercriminal groups.
The breach also demonstrates how quickly threat actors can monetize stolen data. ShinyHunters moved from initial intrusion to public ransom demands within nine days, showing the efficiency of modern cybercriminal operations.