ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems.
A fresh wave of data leak claims linked to the hacker group ShinyHunters has brought three global brands – Zara, 7-Eleven, and Udemy – into the spotlight, with alleged stolen corporate and customer data now circulating on a dark web leak site.
The listings, published between April 22 and April 27, 2026, follow a familiar pattern. Each post includes a downloadable dataset alongside claims that the affected companies failed to respond to outreach attempts or negotiate before the data was released. The group alleges that the exposed information includes internal corporate records as well as customer-related data.
In the case of Udemy, the dataset is described as smaller in size but still significant in scale. The group claims to have obtained approximately 2.3 GB of data, including over 1.4 million records reportedly sourced from Salesforce systems. The leaked information is said to contain personally identifiable information (PII) alongside internal business data, raising concerns over user privacy and enterprise security.
For 7-Eleven, the listing outlines a larger dataset of around 12.8 GB, including more than 600,000 records also linked to Salesforce environments. According to the claims, the data contains a mix of customer information and internal operational records. The messaging accompanying the leak mirrors the Udemy case, with the group asserting that repeated contact attempts were ignored prior to publication.
The most substantial claim involves Zara, where the group alleges a breach totaling 192 GB of data. Unlike the other cases, this incident appears to involve a third-party entry point. The listing references access through Anodot and mentions exposure of data stored in BigQuery environments, suggesting that interconnected systems may have played a role in the breach. The post also links the incident to a previously reported compromise involving Anodot, indicating the possibility of broader supply chain exposure.
None of the three companies has publicly confirmed the alleged breaches at the time of writing. The claims remain unverified, but the scale and consistency of the listings have drawn attention across the cybersecurity landscape.
The activity aligns with ShinyHunters’ recent focus on exploiting cloud-based platforms and third-party integrations. The group has previously been associated with attacks targeting CRM systems and analytics tools, where access to a single environment can potentially expose multiple connected organizations.
According to the group’s own claims, it has targeted hundreds of organizations as part of a broader campaign involving Salesforce-related environments, with dozens of companies already appearing on its leak site. The approach reflects a growing trend in cyberattacks, where threat actors prioritize high-value data repositories and interconnected ecosystems to maximize impact.
As investigations continue, the incident underscores the increasing risks tied to third-party dependencies and cloud infrastructure. For organizations operating in highly connected digital environments, the events highlight the importance of securing not only internal systems but also the broader ecosystem of vendors and platforms that support business operations.
Recommended Cyber Technology News :
- Fidelity Data Breach Leads to $1.25M Settlement
- Interrail Data Breach Exposes Customer Data for Sale
- Udemy Data Breach, 1.4M Records Allegedly Exposed
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
