Duolingo Leaks The Data Of 2.6 Million Users

Uploaded on 2023-08-31 in NEWS-Cybersecurity News, FREE TO VIEW

Duolingo, one of the largest sites in the world for online language learning, has fallen victim to a data breach. Information about 2.6 million users of Duolingo with over 74 million current users, has been leaked on a hacking forum. The information was put up for sale on a Dark Web hacking forum on August 22 by a malicious actor. The malicious actor was offering US$1,500 for all 2.6 million records.

The hacker claimed to have gained access to the data by scraping and exposed application interface (API). They also confirmed the legitimacy of the data by offering a sample of the data from 1,000 accounts. 

Leaked data includes names, login names, email addresses and other info was initially offered for sale on the Breached hacking forum in January 2023 for $1500. The site has now been taken down.

A spokesperson for the company said they are aware of the post, which had been created and offers emails, phone numbers, courses taken and other information on how customers use the platform. “These records were obtained by data scraping public profile information,” a spokesperson said.

“No data breach or hack has occurred. We take data privacy and security seriously and are continuing to investigate this matter to determine if there’s any further action needed to protect our learners".

Despite Duolingo’s statement to The Record that the data was sourced from publicly available profiles, however these email addresses are not public information and are probably a potential phishing hacks. The breach reportedly originated from an exposed Application Programming Interface (API), discovered in March 2023, that enables the retrieval of user profile information. This API inadvertently permitted unauthorised access to email addresses associated with Duolingo accounts.

Duolingo has not commented on why the API remains accessible even after abuse was reported earlier in the year. While the Dark Web forum in which this Duolingo user data was first advertised has since been shut down, the scraped data has now been released on a new version of the forum at a much lower price, just over $2.

Infosecurity Magazine:     The Record:     Cyber Fraud Centre:     Cyber Security Hub:     Bleeping Computer:    

Tom's Guide

You Might Also Read: 

How Cybercriminals Profit From Your Personal Information:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Flight Traffic Chaos
Hospital IoT & IoMT Cyber Security Risk »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

PBOSecure

PBOSecure

PBOSecure is a dynamic and progressive IT consultancy company specializing in IT and Industrial Control System (ICS) security.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

Allthenticate

Allthenticate

Allthenticate Single Device Authentication (SDA), enables seamless authentication in both the physical and digital words while unifying management in one easy-to-use interface.

Transmit Security

Transmit Security

The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability.

Unlimited Technology

Unlimited Technology

Unlimited Technology offers a wide range of talent and experience, from assessing your requirements to implementing technologically advanced security solutions to best fit your needs.

Reflectiz

Reflectiz

Reflectiz empowers digital businesses to make all web applications safer by non-intrusively mitigating any website risks without a single line of code.

Technisanct

Technisanct

Technisanct works with Governments, especially Law Enforcement and Defence agencies, helping them in monitoring threats, managing their data and resolving their forensic needs.

Grant Thornton

Grant Thornton

Grant Thornton is one of the world’s leading networks of independent assurance, tax and advisory firms.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.

Kontra

Kontra

Kontra application security training is an interactive and intuitive learning experience that engages developers.

ThreatView by Turaco Labs

ThreatView by Turaco Labs

ThreatView combines extensive experience in digital forensics with advanced analytics and threat detection capabilities to protect eCommerce websites.

E-CQURITY (ECQ)

E-CQURITY (ECQ)

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.