The hacking group ShinyHunters has claimed responsibility for a series of breaches affecting several major global brands, including Mytheresa, Zara, Carnival, and 7-Eleven, as part of an ongoing “pay or leak” campaign.
According to reports, the group says it has obtained more than 9 million records containing personal and internal data. The attackers are threatening to release the information publicly if the targeted companies do not meet ransom demands by a set deadline.
The alleged victims span multiple industries. Zara, owned by Inditex, is said to have been impacted through a compromise linked to a third-party provider, while 7-Eleven’s exposure is tied to a campaign targeting Salesforce systems. Carnival’s case could involve millions of customer records, potentially including travel-related information.
Mytheresa, a luxury fashion retailer, was also named among the affected companies, although detailed technical information about that specific breach has not been publicly confirmed. As with the other incidents, the claim appears to follow the same extortion model used by the group in previous campaigns.
Researchers note that these attacks increasingly exploit third-party services rather than directly breaching company infrastructure. By targeting shared vendors or cloud platforms, attackers can gain access to multiple organizations at once.
The ShinyHunters group is known for stealing large datasets and pressuring companies into paying ransoms under threat of public disclosure. This “extortion first” approach focuses on data exposure rather than system disruption, making traditional recovery methods like backups less effective.
None of the affected companies have confirmed the full scope of the alleged breaches or whether ransom demands have been met. Investigations are ongoing, and the authenticity and scale of the stolen data remain unverified.