Hacker group exposes data from more than 1 million course platform instructors
The criminal organization known as ShinyHunters has released a massive database containing information on approximately 1.4 million instructors registered with Udemy. The leak was published on April 26, 2026 and includes sensitive details about how criminals use the system to sell fake classes and pirated materials. The incident has reignited concerns about security on digital educational platforms and exposed critical vulnerabilities in the protection of user data.
Leaked Content Reveals Fraud Strategy
The data package published by the gang contains detailed information about how criminals operate within the platform. According to analysis from security experts, the file includes instructions for creating fraudulent accounts, offering fictitious courses, and selling unauthorized materials. The organization initially released the target list on its dark web portal on April 24, two days before the database was fully released.
The criminals demanded an undisclosed amount of money to keep the data confidential. The online education company rejected any negotiations with the attackers. The platform’s administration chose not to give in to extortionary pressure, a decision that accelerated the public disclosure of the stolen information.
Personal and financial data at risk
The file exposed for free on a security forum contains a comprehensive set of private information. Technology specialists analyzed the content and identified critical elements for identity theft and financial fraud.
- Full names with accurate birth dates.
- Instructors' personal and business phone numbers.
- Residential and business addresses.
- Names of managers and information from partner companies.
- Identification documents and records of municipal bodies.
The most critical aspect of this incident involves the exposure of the payment methods used by the instructors. The spreadsheet contains data on active PayPal accounts, direct bank transfer information, and processed transaction histories. With this information, criminals can impersonate educators and direct sophisticated scams against other potential victims.
Verification tools confirm authenticity of leak
The Have I Been Pwned service integrated the leaked database into its search structure on the last day of the previous month. The creator of the monitoring platform identified consistent patterns during initial file analysis. More than half of the email addresses in the Udemy package were already in previous security breaches documented on the site.
Anyone can access the portal free of charge and check the status of their accounts and email addresses. The search works by entering the email address in the main field on the home page. When an address appears in the list published by ShinyHunters, the system issues an immediate alert to the user. Cybersecurity specialists recommend that educators monitor abnormal activity in banking applications and credit cards.
Risk of targeted fraud increases with prolonged exposure
When corporate data and personal identifiers are combined, criminals gain the upper hand in highly targeted phishing campaigns. Fake messages may simulate official communications from the platform's technical support. Specialized scammers can forge correspondence that appears authentic, including logos and formatting identical to the originals.
The risk grows exponentially when cell phone numbers are exposed. Fraudulent SMS messages and phone calls during business hours open the door to direct attacks. Criminals often pose as representatives of recognized financial institutions in the market. They request transfers via Pix, immediate blocking of credit cards or confirmation of personal data before carrying out any malicious action against the victim.
Group's history reveals pattern of large-scale attacks
The ShinyHunters organization occupies a relevant position in the global cybercriminal ecosystem. This collective has maintained a sequence of invasions against large companies in recent years. They have published statements of responsibility for attacks against shipping companies, game development studios and major retail chains. The operational pattern changes depending on the target, but the approach remains consistent in terms of extortion and data disclosure.
The recent history demonstrates high technical competence in circumventing corporate defenses. In 2025, the group broke into critical systems of a multinational software company and accessed hundreds of thousands of records from a home security organization. After stealing data and requesting a ransom in dollars, they disclosed the content when refused. This systematic tactic became the group's trademark, demonstrating a high level of operational sophistication in parallel information markets.
















