Udemy Data Breach Results in 1.4 Million Accounts Leaked by ShinyHunters

Written by: Lore Apostol, Cybersecurity Writer

Key Takeaways
  • Data exposure: The April 2026 Udemy data breach exposed 1.4 million user accounts publicly following a sophisticated network intrusion.
  • Threat actor identification: The notorious ShinyHunters extortion group claimed the cyberattack, demanding a ransom before publishing the stolen database on underground forums.
  • Compromised personal information: Exposed records include names, physical addresses, phone numbers, and more.

In April 2026, ShinyHunters breached the global online learning platform Udemy. The incident leaked 1.4 million accounts, directly impacting both registered students and educational instructors. The Have I Been Pwned (HIBP) repository officially indexed the compromised dataset on April 26, 2026.

ShinyHunters Extortion and Data Leak

The ShinyHunters extortion group claimed it had exfiltrated 1.4 million accounts and associated data, demanding a ransom under threat of publishing the data. Subsequently, the cybercriminals released the e-learning platform's stolen database. 

The exfiltrated Udemy database contains highly sensitive personally identifiable information (PII), according to HIBP, including:

ShinyHunters claim Udemy breach | Source: Cybernews

Most critically, the data breach compromised instructors' payment method details, including PayPal, bank transfers, and cheques.

Escalating Cybersecurity Threats

This security failure highlights the escalating cybersecurity threats targeting large-scale educational repositories. Organizations managing extensive user databases must fortify their access controls, implement rigid encryption protocols, and continuously monitor their perimeter to mitigate the risk of data exfiltration events.

This month, ShinyHunters also released 78.6 million internal analytics records, reportedly from a confirmed Rockstar Games data breach.

The group was also involved in the March 2026 Hallmark data breach that exposed 1.7 million customer records and claimed an alleged Cisco breach linked to the Trivy supply chain compromise. In early March, ShinyHunters claimed to have compromised Salesforce, Snowflake, Okta, Sony, AMD, LastPass, and other accounts via a massive Salesforce breach.  

