Hackers claim to have breached Udemy, stealing 1.4 million user records

Notorious hacking group ShinyHunters recently announced they had breached Udemy’s systems and exfiltrated a large dataset of user information.

Key takeaways:

• Hackers claim to have stolen 1.4 million Udemy user records
• The company has not confirmed the breach
• Stolen information may include personal and internal data
• Attackers are using a “pay or leak” extortion tactic
• Users should update passwords, enable 2FA, and watch out for scams

What happened?

On April 24, 2026, the cybercriminal group ShinyHunters issued a “pay or leak” ultimatum, warning Udemy that they had breached their systems and that over 1.4 million records, including internal corporate data, would be made public if their demands were not met.

“Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Leak,” ShinyHunters said on their leak site. “This is a final warning to reach out by 27 Apr 2026 before we leak, along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.”

What data was allegedly exposed?

According to Haveibeenpwned, the breach includes an extensive dataset. The reportedly compromised data may include:

• Email addresses
• Full names
• Phone numbers
• Physical addresses
• Employers
• Job titles
• Payment method information

At the time of writing, the breach remains unconfirmed by Udemy.

If the data is legitimate, exposed information could be used in targeted phishing campaigns, credential stuffing attacks on other platforms, and account takeover attempts.

What should Udemy users do?

Even though the breach is still unconfirmed, it’s a good time to double-check your security.

Start with the basics and update your passwords. If you’ve used your Udemy password elsewhere, change it and don’t forget to enable 2FA, which adds an extra barrier that can stop many automated attacks.

Be cautious with incoming messages. Expect phishing attempts that reference courses, certificates, or account issues. Use free scam detection tools like Scamio and Link Checker to verify suspicious links before interacting.

And finally, keep an eye out for potentially exposed data. Services like Bitdefender Digital Identity Protection are designed for exactly this kind of situation.

Even if this breach claims turns out to be false, the service continuously monitor for your personal data across known leaks. If your information does surface in a confirmed breach, you’ll get real-time alerts and clear steps to secure your identity.