ShinyHunters claims it stole 1.4 million records from Udemy

The ShinyHunters group claims it has breached the Udemy, one of the world’s largest online learning platforms.

According to Have I Been Pwned, the leaked dataset contained 1.4 million unique email addresses of customers and instructors, along with names, physical addresses, phone numbers, employer information, and instructor payout methods, including PayPal, cheque, and bank transfer.

“Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Leak,” ShinyHunters wrote on their leak site.

“The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don’t care,” they added.

If confirmed, this data could serve as a valuable asset for cybercriminals in conducting phishing attacks.

The ShinyHunters group is particularly known for vishing, a social engineering tactic in which attackers impersonate IT support staff through phone calls to trick employees into revealing sensitive information.

The group’s activity has intensified in recent weeks, with multiple breaches attributed to it, including those involving ADT, the European Commission, Aura, and Rockstar Games, among others.

Udemy has not yet made an official statement regarding the claims or what data may have been exposed.