185,000 Affected in 7-Eleven Breach: Why Salesforce Is the New Soft Target for ShinyHunters

What happened

7-Eleven has confirmed a data breach that occurred on April 8, with breach notification site HaveIBeenPwned analyzing the leaked dataset and reporting that approximately 185,000 individuals are likely affected. The stolen data includes names, addresses, email addresses, and dates of birth, with additional fields compromised for a smaller subset.

The extortion group ShinyHunters claimed responsibility, listing 7-Eleven on their leak site in mid-April and demanding ransom payment by April 21. When that demand wasn't met, they offered the 600,000 Salesforce records for sale on a Russian hacking forum, and the data was eventually published online.

The pattern nobody can ignore anymore

This isn't an isolated incident. Over the past year, ShinyHunters has been systematically targeting Salesforce instances at major organizations including Instructure, Vimeo, Wynn Resorts, Vercel, and Medtronic. Mandiant put out a formal alert in February specifically about escalating ShinyHunters activity, and the pace has only accelerated since.