Data from 1.4 million Udemy users is exposed by hacker group
The hacker group ShinyHunters disclosed personal information of 1.4 million users of the Udemy platform. The leak occurred after the company failed to meet the criminal group’s demands. The exposed data includes instructor names, addresses, phone numbers and payment details. The revelation was made on April 26, 2026, with a deadline set by the group for the 27th.
Grupo criminal publishes data and demands ransom
ShinyHunters listed Udemy on a dark web site on April 24th. The released message contained more than 1.4 million records with internal and corporate information. The text demanded payment based on penalties established by the group. Quando the company refused to negotiate, the criminals published the full material.
Conforme reported, Udemy did not respond to initial demands. Posteriormente, the group released the files. In a later statement, the company stated that it had made concessions, but was unable to reach an agreement with the criminals. The original deadline was April 27th.
Dados exposed include sensitive information
- Nome complete and date of birth
- Telefone, cell phone and email address
- Endereço residential or delivery
- Profissão, company name and corporate information
- CPF, CNPJ and records of municipal bodies, when applicable
The data was analyzed by technology experts and published in spreadsheets. Materials include information on payment methods such as PayPal, bank transfers and digital wallets. Instrutores also receive additional guidance on bank accounts and PayPal for fraud monitoring.
Plataforma Have I Been Pwned confirms exposure
The surveillance service Have I Been Pwned (HIBP) has integrated the leak into its system. Troy Hunt, creator of the platform, highlighted that 56% of email addresses were already compromised in previous breaches. Isso means that the current risk is not completely new for these users.
Usuários can verify their addresses at haveibeenpwned.com for free. The search shows whether the email was included in the Udemy incident. Instrutores receive additional guidance regarding bank accounts and PayPal. Ativar two-factor authentication provides additional protection against unauthorized access.
Risco high in targeted fraud
Combinar corporate email with company name and personal data facilitates more convincing phishing attacks. Criminosos can simulate internal communications in targeted messages. The typical objective is to steal credentials, execute financial fraud, or carry out other crimes. Dados address and telephone number increase the possibilities of scams and telephone fraud.
Especialistas recommend changing passwords immediately. The measure is especially important for users who reuse credentials across multiple services. Two-factor Autenticação provides additional protection against unauthorized access.
Leia Também
The absence of Neymar’s wedding ring in a New York club stirs social media during the Brazilian team’s break
Parachuting plane crash leaves eleven dead in northeastern France this Sunday
Financial analysis indicates that GTA 6 generated US$1 billion in the first hour of pre-sales
ShinyHunters follows pattern of mass attacks
The group is one of the most active in the current cybercrime scenario. Nos In recent months, the organization has attacked Autotrade, Rockstar Games, medical companies and small businesses. The pattern remains consistent: extortion, demand for payment, and leakage when refused. The approach has not changed.
In 2025, ShinyHunters was linked to an incident at Salesforce. Outro case involved 2.5 million records from a home security company. Essa sequence of attacks illustrates the group’s reach. Udemy, as one of the largest online course platforms in the world, represents a high-value target. Milhões of students and instructors use the service for training and selling content. The leak mainly affects course creators.
Recomendações for users and instructors
Usuários Udemy must change passwords as soon as possible. Evitar reusing the same password on other services is essential. Nos in the coming days, monitor suspicious activity in bank accounts and be wary of emails requesting personal information. Udemy does not request confidential data through unofficial channels.
Personal Dados and information about specific courses deserve attention. Desconfiar of suspicious emails and messages asking for data confirmation. The platform never requests sensitive information through informal channels. Usuários Brazilians can use HIBP for quick verification. The site updates databases with public information. The process takes seconds and offers immediate peace of mind.
The incident reinforces the importance of data protection in digital services. Large Plataformas continue to be targets of organized groups. Manter constant surveillance allows you to quickly identify compromises. Vazamentos does not disappear, but informed users can better protect themselves.
