A series of new data leak listings posted on a dark web site linked to the ShinyHunters hacker group has put three well-known companies in the limelight, with claims of stolen corporate and customer data now circulating online.
The posts name Zara, 7-Eleven, and Udemy, each accompanied by a direct download option and a message accusing the companies of ignoring attempts to reach an agreement.
Zara and 7-Eleven were both published on April 22, 2026, while Udemy appeared later on April 27, 2026. In all three cases, the group repeats the same claim that negotiations failed, followed by the release of data described as internal records and customer information.
Udemy Data Breach
When looking at Udemy, an online learning marketplace entry, the entry has a smaller data dump, though the number of records is still high. The ShinyHunters group claims to have obtained 2.3 GB of data, including more than 1.4 million records from Salesforce.
These records are described as containing personally identifiable information along with internal corporate data. The language used in the listing mirrors earlier posts, with the hackers stating the company did not respond to repeated offers before the data was published.
7-Eleven
7-Eleven is the world’s largest convenience store chain. The listing follows a similar pattern but provides a clearer breakdown of the dataset. The group claims 12.8 GB of data, including more than 600,000 Salesforce records. These are described as containing both personal data and internal business information.
Once again, the message attached to the listing repeats the same narrative about ignored outreach and missed opportunities to resolve the situation before publication.
Zara Data Breach
When it comes to Zara, a major Spanish fast-fashion retailer owned by the Inditex group, the case is a bit different because of the volume and the reference to a previous breach. The listing claims 192 GB of data taken from BigQuery instances, with a direct mention of Anodot as the entry point. That detail points to a third-party connection rather than a direct compromise of Zara’s own infrastructure.
The group links this to an earlier incident involving Anodot, which was also tied to a breach affecting Rockstar Games, suggesting that access gained through the service may have extended into connected environments. As with the other listings, the post includes a statement blaming failed negotiations for the release.
None of the companies named in the current listings have publicly confirmed the breaches at the time of writing. Hackread has reached out to all three companies for comment.
ShinyHunters, Salesforce, and Anodot-Linked Data Breaches
These claims fit with ShinyHunters’ recent focus on cloud services and third-party integrations. The group has been linked to incidents involving Salesforce environments and partners connected to analytics platforms like Anodot, where access to one system can open doors into others.
Past activity linked to the group shows a consistent interest in databases, CRM platforms, and internal tools that hold large volumes of user and business data. Once obtained, that data is either offered privately or listed on their leak site with a public message, often following the same pattern seen in these latest posts.
It is worth noting that the group claims to have breached around 400 targets in its Salesforce-related campaign, and so far, it has published data linked to 42 companies and organisations, including:
