Back to all articles
SQL Injection

Eleven breach (2007)

Jun 03, 2026

Eleven breach (2007)
The 2007 attack on 7-Eleven remains one of the most significant cases involving the use of the SQL Injection technique in cybercrime. According to official documents from the U.S. Department of Justice, a group of attackers exploited vulnerabilities in database applications to infiltrate the payment systems of several companies, including the 7-Eleven chain. Initially, they injected malicious SQL commands to gain unauthorized access. Subsequently, they installed malware that allowed them to remain within the system for an extended period without detection. Using specialized programs, they intercepted credit and debit card data during transmission. This data was then sold on illegal markets. As a result of this attack, over 130 million credit card numbers were stolen. This made it one of the largest data breaches at the time and demonstrated the severe financial and legal consequences that SQL Injection vulnerabilities can cause. The attack was made possible due to a lack of input filtering and weak security within the database systems. Evidence from investigations confirms the use of SQL Injection, the installation of malware, and the theft of financial data as part of a broader international scheme.

References

https://www.radware.com/cyberpedia/application-security/sql-injection/#CommonSQLInjectionTechniques
https://www.mdpi.com/2076-3417/15/23/12351