Duolingo Leaks The Data Of 2.6 Million Users
Duolingo, one of the largest sites in the world for online language learning, has fallen victim to a data breach. Information about 2.6 million users of Duolingo with over 74 million current users, has been leaked on a hacking forum. The information was put up for sale on a Dark Web hacking forum on August 22 by a malicious actor. The malicious actor was offering US$1,500 for all 2.6 million records.
The hacker claimed to have gained access to the data by scraping and exposed application interface (API). They also confirmed the legitimacy of the data by offering a sample of the data from 1,000 accounts.
Leaked data includes names, login names, email addresses and other info was initially offered for sale on the Breached hacking forum in January 2023 for $1500. The site has now been taken down.
A spokesperson for the company said they are aware of the post, which had been created and offers emails, phone numbers, courses taken and other information on how customers use the platform. “These records were obtained by data scraping public profile information,” a spokesperson said.
“No data breach or hack has occurred. We take data privacy and security seriously and are continuing to investigate this matter to determine if there’s any further action needed to protect our learners".
Despite Duolingo’s statement to The Record that the data was sourced from publicly available profiles, however these email addresses are not public information and are probably a potential phishing hacks. The breach reportedly originated from an exposed Application Programming Interface (API), discovered in March 2023, that enables the retrieval of user profile information. This API inadvertently permitted unauthorised access to email addresses associated with Duolingo accounts.
Duolingo has not commented on why the API remains accessible even after abuse was reported earlier in the year. While the Dark Web forum in which this Duolingo user data was first advertised has since been shut down, the scraped data has now been released on a new version of the forum at a much lower price, just over $2.
Infosecurity Magazine: The Record: Cyber Fraud Centre: Cyber Security Hub: Bleeping Computer:
You Might Also Read:
How Cybercriminals Profit From Your Personal Information:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible
