(844) 627-8267
(844) 627-8267

Breached data of 2.6M Duolingo users available on hacking forum | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using
such links, we may receive a commission, but it will not result in any additional charges to you.
Please review our Affiliate Link Disclosure for more information.

hacker attack and data breach, cybersecurity, information protection concept
(Photo Credit: Song_about_summer/Shutterstock)

Duolingo data breach overview: 

  • Who: The scraped data of more than 2.6 million Duolingo users has been made available on the cybercrime marketplace BreachForums. 
  • Why: The breach of data is being blamed on a vulnerability in Duolingo’s application program interface. 
  • Where: Nationwide.

The scraped data of more than 2.6 million Duolingo users has been made available on an online hacking forum, as a result of an apparent breach of data against the popular language learning platform. 

Stolen Duolingo data was initially put up for sale on the now-shutdown Breached hacking forum in January, but is now available on a cybercrime marketplace known as BreachForums, reports Cybernews

The stolen data reportedly includes email addresses, usernames, names, telephone numbers, social network information, and other generic information related to user activity in the Duolingo app. 

The asking price for the scraped data was originally $1,500 back in January — a price that was noted as being open for negotiation — but can now be obtained for a total of 8 forum credits, the equivalent of $2.13, reports Cybernews. 

“Today I have uploaded the Duolingo Scrape for you to download, thanks for reading and enjoy!” the post on BreachForums states.

Duolingo says scraped data comes from public profile information, denies data breach, cyber attack

Duolingo has reportedly acknowledged the issue with the scraped data, but is maintaining that it was taken from public profile information and that it was not the result of a data breach or cyber attack incident. 

Researchers with vx-underground warned in a post on X — formerly known as Twitter — that the leaked data will be used for a cyberattack known as doxxing, which could end up leading to targeted phishing attacks. 

In its post, vx-underground noted that a threat actor was able to identify a bug in Duolingo’s application programming interface which allowed them to receive generic account information of the app’s users. 

Duolingo was founded in 2011 and has more than 500 million registered users and more than 60 million monthly active users, according to CyberNews, which reports that it found user data on the platform remains available for scraping. 

In similar news, a number of class action lawsuits have recently been filed against healthcare systems and other companies in response to data breaches, over claims not enough was done to prevent them. 

Are you an active Duolingo user and concerned your data may have been scraped? Let us know in the comments!

Read About More Class Action Lawsuits & Class Action Settlements:

We tell you about cash you can claim EVERY WEEK! Sign up for our free newsletter.


Click Here For The Original Story From This Source.

National Cyber Security