Duolingo Leaks The Data Of 2.6 Million Users

Uploaded on 2023-08-31 in NEWS-Cybersecurity News, FREE TO VIEW

Duolingo, one of the largest sites in the world for online language learning, has fallen victim to a data breach. Information about 2.6 million users of Duolingo with over 74 million current users, has been leaked on a hacking forum. The information was put up for sale on a Dark Web hacking forum on August 22 by a malicious actor. The malicious actor was offering US$1,500 for all 2.6 million records.

The hacker claimed to have gained access to the data by scraping and exposed application interface (API). They also confirmed the legitimacy of the data by offering a sample of the data from 1,000 accounts. 

Leaked data includes names, login names, email addresses and other info was initially offered for sale on the Breached hacking forum in January 2023 for $1500. The site has now been taken down.

A spokesperson for the company said they are aware of the post, which had been created and offers emails, phone numbers, courses taken and other information on how customers use the platform. “These records were obtained by data scraping public profile information,” a spokesperson said.

“No data breach or hack has occurred. We take data privacy and security seriously and are continuing to investigate this matter to determine if there’s any further action needed to protect our learners".

Despite Duolingo’s statement to The Record that the data was sourced from publicly available profiles, however these email addresses are not public information and are probably a potential phishing hacks. The breach reportedly originated from an exposed Application Programming Interface (API), discovered in March 2023, that enables the retrieval of user profile information. This API inadvertently permitted unauthorised access to email addresses associated with Duolingo accounts.

Duolingo has not commented on why the API remains accessible even after abuse was reported earlier in the year. While the Dark Web forum in which this Duolingo user data was first advertised has since been shut down, the scraped data has now been released on a new version of the forum at a much lower price, just over $2.

Infosecurity Magazine:     The Record:     Cyber Fraud Centre:     Cyber Security Hub:     Bleeping Computer:    

Tom's Guide

You Might Also Read: 

How Cybercriminals Profit From Your Personal Information:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Flight Traffic Chaos
Hospital IoT & IoMT Cyber Security Risk »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

ControlCase

ControlCase

ControlCase provide solutions that address all aspects of IT-GRCM (Governance, Risk Management and Compliance Management).

BeOne Development

BeOne Development

BeOne Development provide innovative training and learning solutions for information security and compliance.

Genians

Genians

Genians provides the industry’s leading Network Access Control (NAC) solution, which ensures full visibility of all IP-enabled devices regardless of whether they are wired, wireless, or virtual.

SBD Automotive

SBD Automotive

SBD Automotive are specialists in automotive technology providing independent research and consultancy to help create smarter, more secure, better connected, and increasingly autonomous cars.

Charities Security Forum (CSF)

Charities Security Forum (CSF)

The Charities Security Forum is the premier membership group for information security people working for charities and not-for-profits in the UK.

THEC-Incubator

THEC-Incubator

THEC-Incubator program is designed for international and ambitious tech startups in the Netherlands. Areas of focus include Blockchain and Cyber Security.

Green House Data

Green House Data

Green House Data is a managed services provider delivering hybrid solutions to enterprises who need secure IT environments and efficient management of their critical applications and business data.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

BCN Group

BCN Group

BCN Group is an agile IT solutions provider. We are experts in delivering and managing business-critical technology solutions.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

National Cyber Safety and Security Standards (NCSSS) - India

National Cyber Safety and Security Standards (NCSSS) - India

National Cyber Safety and Security Standards has been started with a great vision to safeguard India from the current threats in the cyber space.

Udacity

Udacity

Udacity's mission is to train the world’s workforce in the careers of the future. Our programs range from beginner to expert levels and deliver the hands-on skills for real-world expertise.

Cyber Security Authority (CSA) - Ghana

Cyber Security Authority (CSA) - Ghana

The Cyber Security Authority has been established to regulate cybersecurity activities in Ghana.

Valimail

Valimail

Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.