Hackers stole personal information from over 183,000 people after breaching 7-Eleven systems in April. The ShinyHunters extortion gang is behind the attack, according to breach notification service Have I Been Pwned.
The convenience store chain fell victim to the ShinyHunters extortion gang, which accessed customer data during an April breach. The stolen information affects 185,000 individuals across 7-Eleven's operations.
Have I Been Pwned, a data breach tracking service, confirmed the breach and identified ShinyHunters as the responsible threat group. The gang is known for stealing data and demanding payment in exchange for non-disclosure, a tactic typical of extortion-focused cybercriminals.
7-Eleven has not yet publicly disclosed what specific types of personal information were compromised. Standard data breach exposures typically include names, email addresses, phone numbers, and potentially payment or account information.
This breach adds to an ongoing pattern of retail and convenience store chains becoming targets for cybercriminals. Large retailers maintain extensive customer databases, making them high-value targets for attackers seeking both ransom payments and resale opportunities on dark web markets.
Affected individuals should monitor their accounts and credit reports for suspicious activity. 7-Eleven customers are advised to change passwords and enable two-factor authentication where available. Watchfulness for phishing emails or calls claiming to represent the company is also recommended, as attackers sometimes use breaches to conduct follow-up social engineering attacks.
The company has not announced what security measures led to the breach or what steps it is taking to prevent future incidents. Customers can check if their information was included in the breach by visiting Have I Been Pwned's search tool with their email address.
Artificial intelligence discovered a critical security vulnerability in Linux kernel code that human developers overlooked for over a decade. The bug could allow unauthorized root access to systems.
Researchers have demonstrated a new attack called 'Ghostcommit' that hides prompt injections in PNG files to fool AI code reviewers and agents into exposing repository secrets.
Australia's eSafety watchdog will investigate whether major adult websites are allowing users to bypass age verification requirements using virtual private networks (VPNs). The probe follows new regulations introduced in March requiring age checks on adult content.