The ShinyHunters group publicly released information on 1.4 million Udemy users. The action occurred after the platform failed to meet payment requirements. The leak includes the full names, addresses, phone numbers and payment details of instructors.
Have I Been Pwned (HIBP) confirmed the authenticity of the set and added the email addresses to its search pool. The announcement took place on April 26, 2026. The deadline given by the group ended on Sunday.
Grupo demanded ransom and fulfilled leak threat
ShinyHunters listed Udemy on their dark web site on April 24th. The message indicated more than 1.4 million records with internal personal and corporate data. The text demanded payment under penalty of total release.
The company did not negotiate. The group then published the material. “The company failed to reach an agreement with us despite all our patience,” the post noted. The initial deadline was the 27th.
- Nomes complete and birth dates
- Telefones, cell phones and emails
- Endereços residential or correspondence
- Cargos, company names and corporate data
- CPF/CNPJ and municipal registrations in some cases
Esses items appear in spreadsheets analyzed by technology outlets. The material also includes payment methods used by instructors, such as PayPal, bank transfer and check.
Have I Been Pwned validates the leaked dataset
The monitoring service incorporated the leak into its system on Monday. Troy Hunt, creator of HIBP, highlighted that 56% of emails were already included in previous breaches. Isso does not reduce current risk.
Usuários can check haveibeenpwned.com to check their addresses. The search is free and indicates whether the email appears in the Udemy incident. Instrutores receive extra guidance for monitoring bank accounts and PayPal.
Udemy has not yet issued an official statement about the case. Tentativas of contact with the company had no response until the closing of this report.
Corporate Dados increases risk of targeted phishing
Professional emails combined with job titles and company names facilitate more convincing attacks. Golpistas can create messages that simulate internal communications. The objective is usually to steal credentials or carry out financial fraud.
Endereços physical and phone numbers extend the reach for smishing and fake calls. The exposed payment methods represent a direct risk for instructors who receive amounts through the platform.
Especialistas recommend immediately changing passwords. The measure applies mainly to those who reuse the same credential in other services. Ativação’s two-factor authentication also helps block unauthorized access.
ShinyHunters continues pattern of extortion against large targets
The group is among the most active in the cybercrime scene. Nas in recent weeks has listed victims as Amtrak, Rockstar Games, and healthcare and retail companies. The method remains the same: theft, demand for payment and leakage in case of refusal.
In 2025, ShinyHunters was linked to an incident at Salesforce. Outro case involved 2.5 million records from a home security company. The sequence shows persistence in the “pay or leak” tactic.
Udemy operates as one of the largest online course platforms in the world. Milhões of students and instructors use the service for training and selling content. The leak mainly affects the course creators side.
Medidas recommended for those who use the platform
Troque the Udemy account password as soon as possible. Evite passwords repeated on other sites. Monitore bank statements and suspicious login alerts in the coming weeks.
Fique attentive to contacts that mention personal data or specific courses. Qualquer email or message that raises doubts should be ignored. Udemy does not request sensitive data through unofficial channels.
Usuários Brazilians rely on HIBP for quick checking. The website updates the database with the exposed emails. The consultation takes seconds and guides you on next steps.
The incident reinforces the importance of protecting information in digital services. Large Plataformas remain frequent targets of organized groups. Constantly checking for leaks helps reduce damage.