ShinyHunters Extortion Group Claims Breach of 1.4 Million Udemy Records

ShinyHunters extortion group claim a successful breach of Udemy, a global online learning platform. The threat actor posted a "Pay or Leak" notice on their dark web site on April 24, 2026, alleging the theft of 1.4 million records.

 ShinyHunters set a deadline of April 27, 2026, for the company to respond before the data is publicly released.

The ShinyHunters group claims the stolen files contain:

• Personally Identifiable Information (PII)
• Internal corporate data
• User account records
• Workplace-linked email addresses

Udemy has not issued a public statement or confirmed the breach at this time. There is no evidence yet of law enforcement notification or the hiring of external security firms. Security researchers are monitoring the group's leak site for the publication of data samples after the April 27 deadline. 

This incident follows a pattern of ShinyHunters targeting the education and SaaS sectors, including recent attacks on Harvard University and Vercel.