After protests broke out in early January, the Iranian regime shut down the internet, starting the longest blackout in Iranian history. Despite this attempt to stop the protests from spreading, they did not stop. Still, the internet shutdown slowed down the spread of information both inside and outside Iran.
Technology
Shedding light on Iran’s longest internet blackout
Behind the heavily policed borders and the jammed signals, an unprecedented wave of state violence continues to add to a death toll somewhere between 3,000 and 30,000. Even at the lowest count, which has been acknowledged by the Iranian state and is likely a wild underestimate, these last few weeks have been one of the bloodiest uprisings in modern history.
The situation in Iran can be hard to grasp. The history is complicated; the state of the technology and internet infrastructure there is constantly in flux. To get a sense of what is happening right now, I turned to an expert. Mahsa Alimardani, the associate director of the Technology Threats & Opportunities program at WITNESS, has been a researcher and advocate in the digital rights space — particularly around Iran — since 2012. I spoke with her about what is happening in Iran, and how technology both props up and threatens repressive regimes.
The Verge: What is internet access in Iran like right now?
Mahsa Alimardani: Since the weekend [of January 24], there has been some resumption of connectivity. And I’m a little bit worried that this might convince people that things are back to normal. Last I saw, there was like 30 to 40 percent connectivity on some of the Cloudflare network data in Iran and there’s very inconsistent connectivity. Some circumvention tools have started to work.
Randomly, someone in Iran FaceTime called me yesterday. They were like, “My VPN stopped working, so I just tried to call with FaceTime, and for some reason, it didn’t even need a VPN.” But it was a momentary glitch. Various things are happening across the network, and it’s not really clear why there’s this opening, or what it means for long-term connectivity.
Since January 8th, when there was a surge in the uprising in the protest movement in Iran, there was an internet shutdown — the longest internet shutdown in Iran, they broke the record in length.
They also broke the record in number of protesters that have been massacred. It’s horrifying to think that technology helps enable such crimes.
Why does the Iranian government fear internet access?
In 1988, there was a fatwa where the government massacred a lot of political prisoners in a short span of time. I bring this up because it happened when there was no internet, and the media was heavily controlled and centralized by the state. If you did not flee Iran, and if you were not part of the generation of prisoners and political activists that survived, it was very hard to pass on the memory of that event. Peers of mine in Iran didn’t grow up with the same information. It’s so interesting having these conversations with people and realizing they are learning history only when they leave the country.
What’s been a real game changer is the way you can document and witness these kinds of crimes in the age of the internet. I think it’s obviously a big threat to the regime. It’s a massive threat to them to be able to hold them accountable, and be able to document and witness what they’re doing.
Anytime anyone sees a severe crackdown like an internet shutdown, you know that it’s going to be followed by violence. In 2019 there was a week-long internet shutdown, under the blanket of which they massacred 1,500 people. The reason why is because they don’t want people to use the internet for mobilization and communication, and they don’t want there to be a way to document what’s happening.
Anytime anyone sees a severe crackdown like an internet shutdown, you know that it’s going to be followed by violence
So the denial of the scale of their crimes is part of what they do in Iran, because it’s very hard to assess the percentage of legitimacy that the regime has, because obviously you can’t do free polling. You don’t have free media. Even when you have foreign journalists that go there, they’re followed by minders and the reporting is super-limited. The UN hasn’t been able to really have anyone do proper site visits for human rights documentation, since the start of this regime in 1979.
There isn’t any real access to professional on-the-ground documentation and fact-finding. So it all really depends on the internet, on people, on citizen media. People sending things, putting them online, and then having professional fact-checkers and verification.
What was internet access in Iran like most recently? What platforms and service providers did people use before the blackout started?
Iranians are extremely tech savvy because there’s been a cat-and-mouse game across the internet for most of its existence. Since 2017, 2018, on average, there’s been protests every two years. Each time they have a different level of censorship, new kinds of rules and regulations.
In 2017, [messaging app] Telegram was massive. Some people were even saying Telegram was the internet for Iranians, they were doing everything across Telegram. It worked really well, especially with network bandwidth being really low. So Telegram was a place for news, chatting, socializing everything, even like online markets. But then they blocked it in 2018 when protests started, because protest mobilization on there was a threat to the regime.
There was a move toward Instagram and WhatsApp becoming the most popular applications.
They had yet to be blocked back then. Instagram was more for fun, but it became much more politicized after Telegram was blocked. Then, during the Woman Life Freedom movement in 2022, Instagram and WhatsApp got blocked.
The regime has spent a lot of effort in trying to disable VPNs
Most people are just on VPNs. The regime has spent a lot of effort in trying to disable VPNs. There’s a lot of different VPN projects both for-profit and nonprofit that work within that cat-and-mouse game where protocols are being disabled and new ones are created.
An average Iranian often has many different VPNs. When one can’t work, they’ll turn on another one.
We’ve talked about how technology threatens the regime and how average Iranians use it. Let’s switch over to the other side of this issue: how does technology enable repression?
So there’s various different things the regime does, different levels of enacting information controls. There’s the censorship level of shutting it down.
Then there’s physical coercion. Like, I know people who have not reported their children who have been killed recently because they were so frightened by the process by which they had to get their loved one’s body.
They also flood the information space with a lot of misinformation. They create a lot of doubt.
They’ve been doing this information manipulation even before the internet. Iran is a very complicated information space. There are a lot of actors beyond the regime who also want to manipulate it. Even authentic dissidents and activism will get lumped in with Mossad or CIA operations.
Iran’s foreign relations muddy its information space
In 1953, the American CIA and British MI6 overthrew the democratic government of Iran, consolidating power under a monarchy that was more favorable to the US and the UK. Many believe that the political instability caused by the CIA and MI6 eventually led to the Islamic Revolution of 1979, which established the current authoritarian regime.
From 2014 to 2024, Iran and Russia joined a strategic partnership with the Syrian dictatorship as part of the Syrian civil war. The United States formed its own coalition; both coalitions purported to fight ISIS. The civil war spawned massive amounts of internet disinformation, and in 2018, Facebook and Twitter deleted hundreds of accounts originating in Russia and Iran that formed a global influence network pushing disinformation. The Syrian regime was overthrown at the end of 2024. The next year, following decades of hostilities, Israel and Iran engaged in a 12-day war.
These are some, but not all of the factors that contribute to the complicated information space in Iran that Alimardani is referring to.
The regime’s campaign existed pre-internet, but with technology, it went into overdrive. They’ve been quite clever in some of the ways they’ve covered the protests. They’ve been able to even mobilize, like, people who are sympathetic to the Palestinian cause, against, you know, the Iranian cause for liberation.
There have been a lot of documented efforts of them trying to manipulate protest documentation, undermine it, you know, use the concept of the Liar’s Dividend, which is very easy to use in the increasingly AI world we’re in.
Hold on, can you go through those examples you just mentioned? About mobilizing people who are sympathetic to the Palestinian cause?
Yeah, so, Iran is quite complicated in that it’s an Islamic fascist state. They use Islam in a lot of ways to repress the people. And there is a lot of very valid rhetoric about Islamophobia in the West, from the very specific context and history of the United States, such as what happened during the War on Terror.
But in Iran, it’s quite different. And this can really be manipulated and conflated, right? Mosques in Iran are often also the headquarters for the Basij [the Iranian paramilitary corps], and people might not know this. So there will be videos like, “Look at these protesters who are setting fire to this mosque. Look at these Islamophobic rioters.”
You might see that, without the context that the mosques also are places where the security forces that kill people are stationed, and lose why something like that would be attacked by Iranians seeking liberation.
You mentioned the regime’s use of AI — do you want to talk a little bit more about that?
Yeah, so, we didn’t need AI for authoritarian regimes to deny evidence of their crimes. Even before AI, Bashir al-Assad [the former dictator of Syria] was saying that reliable documentation of his crimes in Syria were not valid.
Whether we like it or not, AI is being integrated into a lot of things. AI editing is slowly becoming ubiquitous. Like, in fact, we might come to a point where editing photos or anything might become unavoidable without the use of generative AI.
So you no longer have that binary of like, if it’s AI, it’s fake. If there’s no AI, it’s real.
So there’s this very symbolic image that everyone has said reminded them of the Tiananmen Square Tank Man from 1989. But here, a protester is standing in front of armed security forces on motorcycles with weapons. [Ed. note: The New York Post ran with the headline “Powerful image of lone Iranian protester in front of security forces draws parallels to Tiananmen Square ‘Tank Man.’”]
This was a very low resolution video taken from a high rise [building]. Someone had screenshotted a frame from the video and it was quite blurry.
They used some AI editing software to enhance it, and you could see some AI artifacts. Nevertheless, this is an authentic, verified image of a brave protester. Lots of credible sources have verified it. But immediately, it was pointed out to have these AI artifacts, and a lot of the regime accounts started this narrative of “This is all AI slop from Zionists.”
And of course, because, you know, Israel has a special interest in Iran, they have a Farsi-language state account. Israel’s Farsi state account shared the image, which further fueled the claim that this authentic image from Iran was AI slop being pushed by the enemy, Israel.
As you’ve already mentioned, Iran has a complicated information environment. What would you say are the various actors in this space? What kinds of things are they doing?
Obviously there are foreign policy interests by Israel and the US in Iran, just because of the history and very antagonistic relationship they’ve had from the very beginning of the revolution.
The Iran-Israel war in June 2025 was a super interesting moment because the war started a few weeks after Google launched Veo 3, which has made access to very realistic generative AI content very easy. So right off the bat, you could see, from both sides, a lot of AI content coming from the war. This wasn’t the first war where that’s happened — like the Ukraine war has had so many different examples — but since Russia’s invasion of Ukraine [beginning in 2022], the technology has advanced far more, so it became a very big part of the narrative of the situation in Iran.
The most famous example from the Iran-Israel war was a piece of manipulated content that Citizen Lab later was able to attribute to the Israeli state. It was this AI-generated video of Israel bombing the gates of Evin Prison, perpetuating this narrative that they have very precise military operations and that they were freeing these political prisoners.
Evin is a very famous prison for a lot of activists and dissidents and intellectuals in Iran. Human Rights Watch and Amnesty International called the bombing of Evin Prison a war crime. And indeed, political prisoners were casualties of the bombing.
But that deepfaked video went viral. Mainstream media even reposted it immediately before a lot of various different researchers, including our deepfakes rapid response force and others, were able to attest that indeed this was a manipulated video.
So you have this information space that is quite complicated. But in this scenario, I think it would really be remiss to put that much emphasis on the role that these other actors have. There are things from these outside actors that fog up the information space, but ultimately what’s really happening is that there’s a really unprecedented massacre happening. And the perpetrator is the Islamic Republic of Iran.
I’ve seen some reporting about how Iranians bought Starlink terminals prior to the blackout. Can you say anything about that?
Yeah, I want to start by referencing a really great article by the Sudanese activist Yassmin Abdel-Magied, called “Sudanese People Don’t Have the Luxury of Hating Elon Musk.” Whatever my personal ideas are about Elon Musk, you have to give credit where credit is due. This technology is a game changer. It’s been a game changer in Sudan. And it has been in Iran.
We’ve had a few days of a little bit of connectivity of people coming online just through the ordinary network, but when the shutdown was full and complete, Starlink was really the only window we had into Iran.
When the shutdown was full and complete, Starlink was really the only window we had into Iran
And if you talk to documentation organizations, they’ll tell you, they were getting evidence and doing the verification through what was coming in from the Starlink connections. I know of people who had a Starlink and had like a whole neighborhood of people come in to check in and use the Wi-Fi.
The most credible stats before the situation was that there’s about 50,000 Starlinks. There’s likely more than 56,000 now. It became very popular during the Iran-Israel War, because of course, then the Islamic Republic enacted another shutdown. A lot of people invested in getting Starlink then.
You can get anything you want in Iran through smugglers — I think Starlink was like $1,000 at the time because demand was so high. Receivers are ordinarily a few hundred US dollars. The last price I heard was they were being sold for $2,000 in Iran. It’s a lot of money, but given the demand and the massive risk the smugglers have to undertake, I think it’s fair, but also, it means you can’t really scale this, and the people that have it are very privileged or have access to very privileged people.
What we’re seeing is a very small window. When having discussions with various folks that have been doing firsthand documentation, they’ve expressed, “We’re not getting enough from Kurdistan. We’re not getting enough documentation from Sistan and Baluchestan.” Historically, these areas are often at the forefront of protests, because the regime often has the bloodiest forms of repression in these provinces with marginalized ethnicities. Areas like Sistan and Baluchestan have a lot of economic poverty, so they’d have less access to something privileged like Starlink.
Satellite internet is really this way of reimagining connectivity
For all these years, myself, many people, have been working on this concept of internet censorship and internet shutdowns. And there really hasn’t been a way to reimagine this system. There’s this concept of digital sovereignty in place in terms of internet access and internet infrastructure that fits within national borders. In even the most democratic of countries, this is still national infrastructure that the government can have access or forms of control over.
This concept has to be broken. Satellite internet is really this way of reimagining connectivity, not just for Iran, but anywhere where lack of connectivity results in a crisis, whether humanitarian one, or a massacre of this proportion.
It’s really important to reconceive access to satellite internet in a way that could scale beyond those who are privileged and beyond those willing to take the risk. And one of the ideas that I’ve had and have been working on with other colleagues at Access Now has been to push for direct-to-cell access, which is a form of satellite internet connectivity that depends on technology that exists in phones created from 2020 onwards. We launched this campaign called Direct 2 Cell, hoping to push forward this concept.
On a personal note, how are you doing? Have you heard from your friends, family, other people you know in Iran recently?
I’ve been able to be in touch with some of my family and others here and there.
I also had that random FaceTime audio call from another person I know. I was very worried about them because they’ve been at the protests. I had heard through various people that they were okay, but I finally heard from them firsthand, and it was such a bizarre experience, speaking to them.
I had never heard them sound the way that they sounded: recounting their experience of leaving the protest before the military tanks came to open fire on the crowds, how they got tear gassed, and for the next few days, seeing water hoses washing blood off the streets. It sounded like they were making a lot of dark jokes — I had never heard them sound this way. I don’t know how you can walk the streets of your neighborhood, seeing people wash off blood, and just…. like, something not fundamentally change in your mind.
I just, I don’t, I can’t imagine how to process it if I was there. As someone in the diaspora, it’s hard to process being privileged and being away.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
NEWYou can now listen to Fox News articles!
It shows up in your junk folder with a subject line that practically yells at you: “ATTENTION 1!!!” That alone should raise suspicion. Still, the message quickly escalates. It claims to come from the IMF (International Monetary Fund) and says you are approved for a $4.5 million grant.
That is where things start to fall apart. This type of scam is designed to trigger both excitement and urgency. It also pushes you to hand over sensitive information before you stop to think.
Let’s break down exactly what this email says and why each part signals trouble.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
NEW EMAIL SCAM USES HIDDEN CHARACTERS TO SLIP PAST FILTERS
A fake IMF grant email promises millions of dollars while asking recipients to share personal details and identity documents. (Rawf8/Getty Images)
The sender behind this IMF scam email
The email claims to be from the IMF. Yet the reply address is a Gmail account. That mismatch matters.
Legitimate financial institutions do not use free email services for official communication. They also do not ask you to reply to a personal inbox for something this serious.
Why the subject line is a warning sign
“ATTENTION 1!!!” is not how a global financial organization communicates. It is how scammers try to grab you fast.
Urgency lowers your guard. When you feel pressure, you are more likely to respond without verifying anything.
The greeting reveals a mass email
The message opens with “Attention: Sir/Madam.” If your name were truly selected for a multimillion-dollar payment, the sender would use it.
Generic greetings often mean the email was blasted out to thousands of people.
How the story tries to hook you
The email mentions debts tied to contracts, inheritance, lottery and loans. That wide net is intentional.
It increases the odds that something in the message feels familiar. Once that happens, the scam starts to feel personal.
The $4.5 million promise is the bait
The promise of $4.5 million is not random. Large numbers create excitement. They also make you more willing to overlook obvious problems.
Real financial grants do not appear out of nowhere like this.
YOUR EMAIL DIDN’T EXPIRE; IT’S JUST ANOTHER SNEAKY SCAM
Scam emails may use real organization names, official titles and urgent language to pressure people into responding quickly. (Pekic/Getty Images)
Why scammers use real names
The email mentions IMF Managing Director Kristalina Georgieva. That sounds official, which is the point.
Scammers often include real names or titles to make fake messages feel credible. It is a shortcut to trust.
The writing and grammar feel off
Phrases like “Kindly reply me directly” and awkward sentence structure stand out. One odd sentence might not mean much. However, repeated issues like this point to a lack of professional communication.
Major institutions have strict standards for how they write.
The most dangerous request in this email
This email requests:
- Full name
- Address and location
- Phone number
- Age and occupation
- A copy of your passport or driver’s license
That is everything needed for identity theft. Once someone has those details, they can open accounts, target you with more scams or impersonate you.
The payment method adds false legitimacy
The email promises a bank-to-bank wire transfer. That detail adds a layer of realism. It also sets up the next step. Many scams later ask for “fees” to release the funds.
You send money, and the payment never arrives.
Even the spam excuse is part of the scam
At the end, the email tries to explain away the biggest red flag: “If you have received this message in your SPAM/BULK folder, it is simply because your ISP has introduced restrictions. We urge that you treat it as a matter of urgency.” That is not a reassurance. It is a warning sign.
Scammers know their messages look suspicious, so they try to explain it away before you question it.
THE ONE THING SCAMMERS CHECK BEFORE TARGETING YOU ONLINE
Users should delete suspicious grant emails, avoid links and verify claims directly through official organization websites. (Photographer: Wei Leng Tay/Bloomberg via Getty Images)
How to stay safe from scam emails
Scams like this follow a pattern, and once you know what to look for, you can shut them down quickly before any damage is done.
1) Ignore and delete the message
Do not reply or engage in any way. Even a quick response tells scammers your email is active, which can lead to more targeted attacks. The safest move is to delete it and move on.
2) Do not click links or download attachments
Scam emails often hide malicious links or infected files. One click can take you to a fake login page or install malware on your device. If you were not expecting the message, do not interact with anything inside it.
3) Use strong antivirus software
Strong antivirus software adds another layer of protection. It can flag suspicious emails, block dangerous websites and stop malicious downloads before they cause harm. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
4) Never send personal documents
No legitimate organization will ask for your passport, driver’s license or other sensitive documents through an unsolicited email. Sending that information can open the door to identity theft and financial fraud.
5) Look closely at the sender
Do not rely on the display name alone. Check the full email address carefully for misspellings, random numbers or free domains like Gmail. Small details often reveal a fake.
6) Go directly to official sources
If the message seems important, verify it on your own. Type the organization’s website into your browser or use a trusted contact method. Do not use the links or contact details provided in the email.
7) Remove your personal data from the internet
Scammers often rely on publicly available information to make their messages feel convincing. Data removal services can reduce what is out there, making it harder for criminals to target you in the first place. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
8) Turn on two-factor authentication
Add an extra layer of security to your accounts. With 2FA enabled, a stolen password alone is not enough for someone to get in. This simple step can stop many attacks before they start.
9) Monitor your financial accounts and credit
Check your bank statements and credit reports regularly. Look for unfamiliar charges, new accounts or changes you did not make. Catching fraud early can limit the damage.
10) Consider placing a credit freeze
If you think your personal information was exposed, a credit freeze can help protect you. It prevents new credit accounts from being opened in your name without your approval.
11) Add identity theft protection
Because this scam asks for your name, address, phone number, age, occupation and a copy of your passport or driver’s license, identity theft protection can help you spot trouble faster. A good service can monitor your credit files, alert you to new activity and help you recover if someone uses your information to open accounts or commit fraud in your name. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com
12) Report the scam
Mark the email as phishing in your inbox. This helps your email provider block similar messages and protects other people from falling into the same trap.
Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (Saturday, June 13, 10 am ET)
Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com
Kurt’s key takeaways
This email tries hard to look official. It uses a real organization, a real name and a convincing story. Still, the cracks show up quickly once you slow down. A Gmail reply address, a massive payout, a vague greeting and a request for identity documents all point in the same direction. Scams like this rely on one thing: getting you to act before you think. Take a second look, and the whole thing falls apart.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
If a message promises millions and asks for your personal information, would you pause long enough to question it, or would the urgency pull you in? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
Blue Origin explosion is a major setback for NASA’s Moon plans and Amazon’s Starlink competitor
While Blue Origin investigates the root cause behind last night’s spectacular explosion of its New Glenn rocket, it’s already clear that this will be a major setback for NASA’s Moon base plans and Amazon’s fledgling Leo space internet constellation.
The incident occurred at about 9pm at Blue Origin’s Florida launch site during a hot-fire test, where seven engines in the booster stage are lit while keeping the 322-foot-tall rocket fixed to the launchpad. The explosion and ensuing fireball severely damaged the only launchpad Blue Origin has for its New Glenn rocket.
“It’s too early to know the root cause but we’re already working to find it,” wrote Blue Origin boss Jeff Bezos on X. “Very rough day, but we’ll rebuild whatever needs rebuilding and get back to flying. It’s worth it.”
According to sources speaking to Ars Technica, the transporter-erector and one of the lightning towers at LC-36A may not be salvageable. “New Glenn almost certainly will not launch again in 2026, and frankly a launch during the first half of 2027 would be heroic given the launch site concerns,” writes Eric Berger, senior space editor at Ars Technica.
Such a delay would affect NASA’s Moon base plans. NASA announced on Tuesday that New Glenn would deliver a robotic lunar lander as soon as fall 2026. In 2027, Blue Origin is also scheduled to participate in the upcoming Artemis III mission, which will see astronauts docking their Orion capsule with lunar landers developed by SpaceX and Blue Origin.
“Spaceflight is unforgiving, and developing new heavy-lift launch capability is extraordinarily difficult,” said NASA administrator Jared Isaacman on X. “We will work with our partners to support a thorough investigation of this anomaly, assess near-term mission impacts, and get back to launching rockets.”
The New Glenn rocket that exploded Thursday night was being prepped to carry 48 Amazon Leo satellites — the largest batch ever slated for a single launch — into low-Earth orbit on an upcoming mission. The satellites were not onboard.
To date Amazon has launched just over 300 of the 1,618 Leo satellites the FCC requires by July 30, 2026. Amazon has applied for an extension to keep its license.
Amazon had been counting on New Glenn’s massive payload capacity and reusable boosters to accelerate a launch schedule that is already behind. Without its primary workhorse, Amazon will be forced to rely more heavily on secondary providers like United Launch Alliance (ULA) and Arianespace — and its chief rival, SpaceX.
“Sorry to see this,” wrote fellow billionaire spaceman Elon Musk on X. “I hope you recover quickly.”
NEWYou can now listen to Fox News articles!
You may stop at 7-Eleven for coffee, gas, snacks or a quick drink. What you probably do not expect is to see the company’s name tied to a data breach involving personal information.
That is what happened after breach notification service Have I Been Pwned added 7-Eleven to its database. The service says the breach exposed about 185,000 unique email addresses. The exposed data also included names, dates of birth, phone numbers and physical addresses.
The company later said the breach involved certain 7-Eleven systems used to store franchisee documents. That detail is important because the exposed data appears tied to franchise-related records, rather than ordinary store purchases. Still, if your information was part of the leak, the risk can feel very personal.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
CONDUENT DATA BREACH HITS MILLIONS ACROSS MULTIPLE STATES
A 7-Eleven data breach exposed personal information tied to franchise-related records, including names, addresses and phone numbers. (Erik McGregor/LightRocket via Getty Images)
7-Eleven data breach: What happened?
According to Have I Been Pwned, 7-Eleven was targeted in April 2026 by a “pay or leak” extortion campaign linked to ShinyHunters. The data was later published that same month.
Hackers claimed they had stolen data and threatened to release it unless they were paid.
7-Eleven’s chief information security officer, Jim Kastle, said an unauthorized third party accessed an internal server that contained franchisee documents. The company said the incident involved certain systems used to store those records.
That makes this breach different from a typical customer checkout breach. Based on the company’s notification language, the affected records appear connected to franchise applications or franchisee documents.
10 SIGNS YOUR PERSONAL DATA IS BEING SOLD ONLINE
What data was exposed in the 7-Eleven breach?
Have I Been Pwned says the breach exposed 185,000 unique email addresses. The exposed information also included:
- Names
- Dates of birth
- Physical addresses
- Phone numbers
- Email addresses
Some breach filings also pointed to more sensitive details in certain records. Those details included Social Security numbers and driver’s license numbers. That extra information raises the stakes. Names and addresses can fuel phishing. Dates of birth can help scammers sound convincing. Social Security numbers and driver’s license numbers can create a higher risk of identity theft.
THINK YOU’RE SAFE? IDENTITY THEFT COULD WIPE OUT YOUR ENTIRE LIFE’S SAVINGS
Why the 7-Eleven breach could still matter to you
You may wonder, “I only buy coffee there. Should I care?” For most everyday 7-Eleven shoppers, this breach may not involve store purchase history. However, anyone who applied to become a franchisee, handled franchise documents or shared personal information through that process should pay close attention.
Even when a breach affects a limited group, the exposed data can still spread. Once hackers publish personal records, scammers can reuse them in many ways.
Fake emails could mention 7-Eleven by name. Phone calls may include your name, number or address to sound legitimate. Scammers could also send messages that pressure you to “verify” your identity after the breach. That is where the real damage often begins.
MICROSOFT ‘IMPORTANT MAIL’ EMAIL IS A SCAM: HOW TO SPOT IT
How scammers may use leaked 7-Eleven data
Hackers do not need every detail about you to cause trouble. A few personal facts can make a scam feel believable.
For example, a scammer might send an email that claims to be from 7-Eleven, an identity theft protection company or a breach response team. The message may say you need to click a link to activate identity protection. It may also ask you to confirm your Social Security number, upload your driver’s license or enter banking details.
That kind of message can feel urgent. Scammers count on that reaction.
They know people act quickly when they feel scared. They may use phrases like “final notice,” “account locked,” or “breach claim pending” to push you into clicking before thinking.
DIY IDENTITY PROTECTION VS PAID SERVICES: WHAT WORKS IN 2026
What 7-Eleven says about the data breach
7-Eleven reportedly notified affected individuals and arranged identity theft protection for up to 24 months.
If you receive a notice, read it carefully. Use the official instructions in the letter. Avoid clicking links in random emails or text messages that claim to offer breach help.
Instead, type the official website address into your browser yourself. You can also contact 7-Eleven through a verified channel.
We reached out to 7-Eleven for comment, but did not hear back before our deadline.
CHECK IF YOUR PASSWORDS WERE STOLEN IN HUGE LEAK
Cybersecurity researchers say hackers linked to ShinyHunters published data from a 7-Eleven breach affecting about 185,000 email addresses. (Deb Cohn-Orbach/UCG/Universal Images Group via Getty Images)
Ways to stay safe after the 7-Eleven data breach
A breach can feel out of your hands. However, you still have several smart moves available.
1) Check whether your email was exposed
Go to Have I Been Pwned at haveibeenpwned.com and search your email address. The service lets you see whether your email appears in known breach databases, including the 7-Eleven listing. If your email appears, do not panic. Treat it as a signal to tighten your accounts and watch for targeted scams. When done, come back here for Step 2.
2) Change your passwords immediately
Start with your most important accounts, such as email, medical and banking. Use strong, unique passwords with letters, numbers and symbols. Avoid predictable choices like names or birthdays. Never reuse passwords. One stolen password can unlock multiple accounts. A password manager makes this simple. It stores complex passwords securely and helps you create new ones. Many managers also scan for breaches to see if your current passwords have been exposed. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
3) Watch for fake breach emails
Be careful with emails, texts or calls that mention 7-Eleven. Scammers may use the breach as bait. Do not click links from unexpected messages. Instead, go directly to the company’s official website. Also, avoid opening attachments unless you fully trust the sender. The best way to protect yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safer. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
19 BILLION PASSWORDS HAVE LEAKED ONLINE: HOW TO PROTECT YOURSELF
4) Turn on two-factor authentication
5) Place a fraud alert or credit freeze
If your Social Security number or driver’s license number was exposed, consider a credit freeze with Equifax, Experian and TransUnion. A credit freeze makes it harder for criminals to open new accounts in your name. You can lift it when you need to apply for credit. A fraud alert can also warn lenders to take extra steps before approving new credit.
6) Remove your personal information from data broker sites
Leaked information can become even more dangerous when scammers combine it with details already floating around online. Data brokers may list your home address, phone number, relatives, age and other personal details.
You can remove your information manually from individual data broker sites, though that process takes time. A data removal service can help automate opt-out requests and continue monitoring for your information when it reappears. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
7) Consider identity theft protection
If your Social Security number or driver’s license number was exposed, identity theft protection may be worth considering. These services can monitor your credit, alert you to suspicious activity and help with recovery if someone tries to open accounts in your name. If you receive an official breach notice from 7-Eleven, review any identity protection offer carefully. Go through the official letter or verified company website rather than clicking links in random emails or texts. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.
8) Monitor your mail and financial accounts
Watch for unfamiliar bills, credit cards, loans or government notices. Also, review your bank and credit card statements. If you see something suspicious, report it right away. The sooner you act, the easier it can be to limit damage.
INSIDE A SCAMMER’S DAY AND HOW THEY TARGET YOU
7-Eleven says an unauthorized third party accessed systems used to store franchisee documents during an April 2026 cyberattack. (Jakub Porzycki/NurPhoto via Getty Images)
9) Be careful with phone calls
If someone calls and claims to help with the breach, slow down. Do not give out your Social Security number, driver’s license number or banking details over the phone. Hang up and call the company back using a verified number.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaways
Data breaches have become so common that it is tempting to shrug them off. That can be risky. Personal details such as your name, address, date of birth and phone number can give scammers a running start. The 7-Eleven data breach may not affect every customer who has ever bought a Slurpee or filled up at one of its stores. However, for the people whose information was exposed, it can create a long tail of fraud risk. The best move now is simple. Verify before you click, strengthen your accounts and assume scammers may try to use this breach as a conversation starter.
Should companies face tougher penalties when personal data tied to job, franchise or business applications ends up in hackers’ hands? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
-
Sports4 minutes ago2026 World Cup Odds: Spain Narrowly Favored Over France
-
Technology10 minutes agoFake grant email promises $4.5 Million but could steal your identity
-
Business16 minutes agoAnother tech company says it will cut hundreds of jobs amid pivot to AI
-
Entertainment22 minutes agoThis Puerto Rican filmmaker honored his family with an unconventional movie called ‘TheyDream’
-
Lifestyle28 minutes agoL.A. Affairs: I went on 53 first dates in one summer. Here’s a look at my spreadsheet
-
Politics34 minutes agoTrump holds Situation Room meeting to decide on Iran deal
-
Science40 minutes agoOxnard man smuggled baby crocodiles, among 1,700 reptiles, gets 5 years
-
Sports46 minutes agoA new board game mocks Shai Gilgeous-Alexander for ‘foul baiting.’ He wants it destroyed
