By John Ensor • 30 August 2023 • 9:30
Duolingo. Credit: Postmodern Studio/shutterstock.com
When using any app or browsing online, how secure is your personal information? Duolingo, the popular language learning app, has recently suffered a significant data breach, exposing the personal data of over 2.6 million users.
The security lapse occurred in January 2023 and has put a spotlight on the vulnerability of Duolingo’s API (application programming interface). The API had been exposed for months, allowing anyone to access both public and private user information by simply entering a username or email. Despite this vulnerability being publicly documented by several researchers, Duolingo took no action to rectify it, according to OK Diario.
In January 2023, a hacker exploited this weakness and extracted the data of 2.6 million Duolingo users. The hacker initially attempted to sell the dataset for $1,500 on the now-defunct Breached forum. However, finding no buyers, the hacker later offered the data on another version of the same forum for a mere eight credits, roughly equivalent to $2.13.
The leaked data includes not just public information like usernames and real names, but also private details such as email addresses, which are not publicly visible on Duolingo profiles. These emails could be weaponised by cybercriminals to send fraudulent messages, impersonating Duolingo or other organisations, in an attempt to trick users into revealing their login credentials for other digital services or transferring money to scam accounts.
Duolingo, which boasts over 74 million monthly active users, has confirmed the data breach. However, the company has downplayed its significance, stating that it involves only public information. They have yet to explain why they did not fix the API vulnerability or warn their users about the risks they face.
Cybersecurity experts recommend that Duolingo users change their passwords and enable two-step verification where possible. Users should also be vigilant for any suspicious emails and avoid clicking on any links or downloading attachments without verifying their authenticity. Additionally, it’s advisable to regularly review bank statements and transactions, reporting any irregularities.
Originally from Doncaster, Yorkshire, John now lives in Galicia, Northern Spain with his wife Nina. He is passionate about news, music, cycling and animals. When he's not writing for EWN he enjoys gigging in an acoustic duo, looking after their four dogs, four chickens, two cats, and cycling up mountains very slowly.