www.it-connect.fr
ShinyHunters Leak Udemy Data on 1.4 Million Users
The online learning platform Udemy is one of the latest victims of the cybercriminal group ShinyHunters. The hackers have published a database containing more than 1.4 million records. What does this data leak contain? Here is what we know about this security incident.
1.4 million Udemy users’ data exposed
On April 24, 2026, the ShinyHunters cybercriminal group added Udemy to its dark web trophy list. At first, the hackers attempted to demand a ransom, but since it was not paid, the data was leaked.
"This is a final warning for us to contact you by April 27, 2026 before we leak the data, along with several annoying (digital) issues that will come your way. Make the right decision, don’t make headlines.", these were the hackers’ words to pressure Udemy.
Proof that this database was indeed published by the hackers is that it was later recovered and added to the Have I Been Pwned (HIBP) platform. This database does contain 1.4 million records, each with an email address. Beyond that information, this data breach also exposes:
- First and last names
- Postal addresses
- Phone numbers
- Job and employer information
- Payment methods
If you use the Udemy platform or have an account, you can now check whether you are on the list of victims by searching for your email address on Have I Been Pwned. It is worth noting that 56% of these addresses had already appeared in previous breaches.
This data leak does not affect all Udemy users: 1.4 million accounts are impacted, while in 2025 Udemy claimed 81 million registered users. However, it is likely that business email addresses are included in this database.
For its part, Udemy has not communicated at all about this now-confirmed security incident. I couldn’t find the slightest official statement...
ShinyHunters keeps chaining cyberattacks...
This data theft at Udemy is unfortunately not an isolated case. Over the past few weeks, the ShinyHunters group has targeted other major organizations, including Rockstar Games. Not to mention the release of 2.5 million records belonging to Alert 360, the fifth-largest provider of security systems for consumers and businesses in the United States.
Just a few hours ago, the ShinyHunters group also added Vimeo to its portal, stating the following: "Your Snowflake and BigQuery instance data has been compromised by Anodot.com. Pay or we leak it. This is a final warning: contact us before April 30, 2026, otherwise we will leak it and you will face many (digital) issues that are sure to cause you trouble. Make the right decision, don’t make the headlines." – To be continued.
