Alleged user data breach at Udemy

In April 2026, a suspected data breach was reported on the online education platform Udemy, which is believed to have affected approximately 1.4 million users. The alert emerged in the middle of the month, when a group of cybercriminals known as ShinyHunters claimed to have compromised the platform’s data. The news spread rapidly through cybersecurity media outlets and breach databases such as Have I Been Pwned, causing concern among users and the online learning community.
According to reports, the incident involved the exposure of personal and professional data belonging to users and some instructors, including names, email addresses, phone numbers, physical addresses, and, in some cases, payment information. The breach has not been officially confirmed by Udemy, so no formal statement has been issued, nor has a response protocol been outlined for affected users. So far, the only visible action has been monitoring of the situation by cybersecurity researchers and specialized media outlets, who have alerted users to the possibility that their data may have been compromised.
Currently, the status of the incident remains unclear due to the lack of official confirmation from Udemy. The company has not reported any direct mitigation measures, such as account suspensions, password resets, or notifications to users. Going forward, the platform is expected to issue an official statement to clarify the situation, implement additional security measures, and guide users on how to protect their information.