Udemy customer and instructor data leaked publicly after ShinyHunters' extortion deadline expires - 1.4 million records including PayPal payout details
Online learning giant Udemy's customer and instructor data was leaked publicly today after the company refused to pay ShinyHunters' extortion demand. Have I Been Pwned added the breach yesterday with 1.4 million unique email addresses. The dataset goes well beyond contact information: it includes full names, physical addresses, phone numbers, employer details, and instructor payout methods - PayPal email addresses, mailing addresses for cheques, and bank transfer details. Udemy was listed on ShinyHunters' 'pay or leak' portal on April 24 with a three-day deadline. The company has not publicly confirmed the breach or said how the attackers got in.
- Check: Reset your Udemy password if you have an account, especially if you're an instructor with payout details on file, and watch for highly targeted phishing.
- Affected: Udemy customers and instructors with accounts before April 2026, particularly instructors whose PayPal addresses, cheque mailing addresses, and bank transfer details are in the leak. Any organization using Udemy for staff training has employee details exposed and should expect tailored phishing referencing real course history.
- Fix: Reset Udemy passwords and rotate any password reused on other accounts. Instructors should monitor PayPal and bank accounts and contact PayPal to flag the email as compromised. Brief staff that any 'Udemy' email referencing their real course history is potentially hostile - go to udemy.com directly rather than clicking links. Add Udemy lookalike domains to your DMARC monitoring.