In a startling revelation, the personal information of over 2.6 million Duolingo users has been compromised and posted on a hacking forum. The breach has led to the unauthorized scraping of sensitive user data, including usernames, email addresses, and potentially hashed passwords.
The popular language learning app Duolingo, which has over 74 million monthly users, has now become the target of cybercriminals. Details of the Duolingo data breach surfaced on the dark web, and user FalconFeedsio shared a screenshot of a post in which a user attempts to sell the compromised information.
Information Leaked on the Dark Web
The stolen data was posted on a prominent hacking forum on August 22 by a malicious actor who offered the 2.6 million records for $1,500. The cybercriminal claims to have gained access to the data by scraping and exploiting an exposed application programming interface (API). A sample from 1,000 accounts was offered to confirm the data’s legitimacy.
Risks to Affected Users
This exposure raises serious concerns, as the leaked information can be misused for malicious activities such as targeted phishing attacks and identity theft. With email addresses in the wrong hands, users might receive deceptive messages designed to steal further personal information or spread malware.
Duolingo Responds to the Incident
According to The Record, Duolingo has acknowledged the breach and is actively investigating. A spokesperson clarified that the records were obtained by scraping public profile information. The exposed API, still open despite being public knowledge since March 2023, allows anyone to retrieve public information from Duolingo profiles by inputting usernames.
Stay Safe from Phishing Scams
For Duolingo users concerned about falling victim to phishing, careful examination of incoming emails is essential. Check that the sender’s email address is legitimate, watch for misspelled words, and avoid clicking on any suspicious links or attachments. Installing the best antivirus software can also provide additional protection.
Conclusion
Learning a new language is challenging, and Duolingo has made this easier for millions worldwide. However, this incident puts 2.6 million of those users at risk. The breach serves as a reminder of the importance of cyber security and the need for users to remain vigilant. Duolingo’s commitment to investigating the matter and ensuring data privacy is commendable, but users must remain cautious as their names and email addresses may already be in the hands of hackers.
Keep an eye on our information security news updates as we continue to monitor how Duolingo responds to this incident.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.