"Data of 2.6 Million Duolingo Users Leaked on Hacking Forum"

Data from 2.6 million users of Duolingo, a language learning platform with over 74 million monthly users, was leaked on a hacking forum.  The compromised data, which includes real names, login names, email addresses, and internal service-related details, was initially offered for sale on the now defunct Breached hacking forum in January 2023 for $1500.  Duolingo stated that these records were obtained by data scraping public profile information and noted that they have no indication that their systems were compromised.  According to security researchers, the breach reportedly originated from an exposed application programming interface (API), discovered in March 2023, that enables the retrieval of user profile information.  This API inadvertently permitted unauthorized access to email addresses associated with Duolingo accounts.  Despite the potential consequences of the breach, Duolingo has not commented on why the API remains accessible even after abuse was reported earlier in the year. 

Infosecurity reports: "Data of 2.6 Million Duolingo Users Leaked on Hacking Forum"