Udemy Data Breach: ShinyHunters Leak 1.4 Million Accounts #cybersecurity #databreach #udemy

ShinyHunters hit Udemy with their signature "pay or leak" extortion — 1.4 million accounts are now confirmed leaked and listed on Have I Been Pwned. The breach includes customer and instructor data: names, email addresses, physical addresses, phone numbers, employer information, and instructor payout methods (PayPal, bank transfer, cheque). ShinyHunters posted the data to their leak site on April 24, 2026, with a three-day ultimatum. Udemy has not publicly confirmed or denied the breach. According to Mandiant, ShinyHunters' documented approach involves vishing — voice phishing — where they call employees posing as IT support and capture SSO credentials and MFA codes via fake login pages. In 2026 alone, the group has been linked to breaches at Wynn Resorts, Panera Bread, Harvard, McGraw-Hill, and ADT. Sources: https://haveibeenpwned.com/Breach/Udemy https://cybersecuritynews.com/udemy-data-breach/ https://cloud.google.com/blog/topics/threat-intelligence/expansion-shinyhunters-saas-data-theft More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.