Extortion group ShinyHunters has claimed a breach at Udemy, an e-learning platform. The hackers are threatening to release over 1.4 million records containing personally identifiable information and other corporate data. The claims haven’t yet been officially confirmed.
On April 24th, 2026, ShinyHunters, an infamous cybercrime and extortion gang, listed Udemy on its victim site on the dark web and claimed to have obtained troves of sensitive data.
“Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Leak,” ShinyHunters threatened the company.
“This is a final warning to reach out by 27 Apr 2026 before we leak, along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.”
Update: ShinyHunters released the data
On Sunday, ShinyHunters released a dataset allegedly containing data belonging to Udemy.
“The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care,” the post on the dark web reads.
Have I Been Pwned (HIBP), a data breach search engine, has added 1.4 million email addresses from the dump and confirmed that the data includes names, addresses, phone numbers, employer information and instructor payout method.
56% of emails have previously appeared in other leaks.
Cybernews has reached out to Udemy for a comment and will update the story with its response.
For comparison, Udemy had an estimated 77 million e-learners in 2024, and the number is likely to have grown since then.
“Since there is no published dataset yet, we can only guess what exact data was obtained,” said Rasa Jurgutyte, a Cybernews information security researcher said prior to the data release.
It’s not yet clear whether the 1.4 million allegedly compromised records include information from users, lecturers, employees, or a combination of these groups.
“Still, 1.4 million is a huge amount of records, and the consequences could be serious. Besides the obvious risks of scams and possible financial fraud, this data could additionally provide threat actors with recon material, since many people use Udemy courses to strengthen their career skills,” Jurgutyte added.
Another potential danger is that exposed email addresses, especially those linked to users’ workplaces, might provide a phishing/business email compromise attack angle for cybercriminals.
It’s yet to be seen how the company responds to the claims and what data might be exposed.
Udemy recently agreed to merge with Coursera, forming a single, larger combined company.
In the past few weeks, ShinyHunters has breached many high-profile organizations. The gang dumped 2.5 million records allegedly belonging to Alert 360, the fifth-largest home and business security systems provider in the US, after ransom negotiations broke down.
ShinyHunters claimed attacks on Amtrak, RockStar Games, Hims & Hers, Hallmark, the European Commission, and Ameriprise Financial.
The gang also dumped Mytheresa, Zara, Carnival, and 7-Eleven data in a fresh leak wave
ShinyHunters is linked to major cybercrime campaigns, such as last year’s Salesforce CRM data heist that targeted enterprise cloud services and customer databases.
Updated on April 27th [10:45 a.m. GMT] with additional information.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked