Seems Udemy got hacked, but hasn't told anyone yet (feddit.online)

submitted 1 month ago by Jerry@feddit.online to c/cybersecurity@sh.itjust.works

8 comments fedilink hide all child comments

Received this email about Udemy having been hacked. Doesn't seem like Udemy feels any urgency in informing anyone.

Hi Jerry, an announcement has been made from Alexander, instructor of Elementor Mastery - Build Amazing Websites With Elementor, The Ultimate WordPress Boot Camp Course - Build 10 Websites and 1 more course.

Hi everyone,

I wanted to reach out directly about a security incident that affects this platform and may affect you.

On April 24, the threat group known as ShinyHunters added Udemy to their data leak site and issued a three-day deadline. The deadline passed on April 27, and the data has now been published. Have I Been Pwned has confirmed the leak contains approximately 1.4 million unique email addresses, along with names, physical addresses, phone numbers, employer information, and for instructors, payout method details (PayPal, cheque, bank transfer information).

As of this announcement, Udemy has not issued a public statement, has not responded to media inquiries, and has not directly notified affected users. I want to be transparent with you that this is the case, because you may not learn about it from Udemy itself.

What you should do right now:

Check your email address at haveibeenpwned.com to confirm whether your account is in the leaked dataset.

Change your Udemy password immediately, and change it anywhere else you may have reused that password.

Enable multi-factor authentication on your Udemy account if you have not already.

Be alert for targeted phishing emails over the coming weeks. Attackers will likely send messages referencing your course history, instructor name, or payout details to appear legitimate. Treat any unexpected email about your account, refunds, or payments with extra scrutiny.

If you are an instructor, monitor your linked payout accounts (PayPal, bank) closely for unusual activity.

I have published a video on my YouTube channel that walks through the breach in detail, explains how this attack pattern works, and covers each of these protective steps in depth. If you find this kind of breakdown useful, the link is below.

https://www.youtube.com/watch?v=Ycbeoibawp8

I will continue to update you here if Udemy issues a statement or if new information emerges. In the meantime, take the steps above and stay vigilant.

Stay safe,

Alex

top 8 comments

sorted by: hot top controversial new old

[-] kid@sh.itjust.works 8 points 1 month ago

Looks like it: https://haveibeenpwned.com/Breach/Udemy

[-] DishaweslemOride@lemmy.org 6 points 1 month ago

Everyone gets hacked eventually.

[-] henfredemars@infosec.pub 7 points 1 month ago

Indeed. This is why I don’t want most companies to have my personal information in the first place.

[-] _haha_oh_wow_@sh.itjust.works 3 points 1 month ago

It's a strong possibility, but how these incidents are handled says a lot.

[-] village604@adultswim.fan 0 points 1 month ago

I wonder if they're going to wait until the deadline to announce it. That's what our local hospital did.

[-] farmgineer@nord.pub 3 points 1 month ago

Hrm. I have a specific email address for udemy and it doesn't show up on haveibeenpwned so far.

[-] Cyber@feddit.uk 2 points 1 month ago

Hmmm.

We use this at work, so have open access for the team. Just checked and my work's email isn't in there, so I'm presuming we're safe... not sure about whoever pays the bill though.

[-] jonathan@piefed.social 1 points 1 month ago* (last edited 1 month ago)

For context, they have approaching 80 million users. I wonder if this was a partner breach rather than a direct hack.

this post was submitted on 28 Apr 2026

34 points (94.7% liked)

Cybersecurity

10055 readers

106 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 3 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social