![]() ![]() Cyber security news site BleepingComputer confirmed that the API was still open in August 2023, despite Duolingo being alerted to its being open in January 2023. It allows anyone to retrieve the public information of any Duolingo profile by inputting their username into it. The exposed API has been public knowledge since March 2023. ![]() We take data privacy and security seriously and are continuing to investigate this matter to determine if there’s any further action needed to protect our learners.” It is relevant to note, however, that email addresses are not public information on Duolingo.Ī Duolingo spokesperson said of the cyber security incident: “No data breach or hack has occurred. The data exposed includes users’ names, usernames, email addresses and other information relevant to Duolingo’s services. They also confirmed the legitimacy of the data by offering a sample of the data from 1,000 accounts.ĭuolingo confirmed to news site TheRecord that the data was scraped from public profile information. The hacker claimed to have gained access to the data by scraping and exposed application interface (API). The malicious actor was offering US$1,500 for all 2.6 million records. The information was put up for sale on a dark web hacking forum on August 22 by a malicious actor. The scraped data of more than 2.6 million users of language learning app, Duolingo, has been posted to a dark web hacking forum. This news story was updated on September 4, 2023, to reflect an update given regarding the cyber security incident by Duolingo.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |