The company says its investigation found it was a “scrape of data from public Duolingo profiles”, not a hack, that led to the incident

Scarlett Evans, Assistant Editor, IoT World Today

September 5, 2023


Duolingo said the incident that exposed nearly 3 million user email addresses was not a system hack, but rather a data “scrape” from public profiles using an exposed application programming interface (API). The company issued the statement following last week’s news of the compromise.

“Our investigation confirmed that this was not a breach or a hack; it was a scrape of data from public Duolingo profiles,” a spokesperson said. “No Duolingo systems or private user data were compromised. 

“Regardless, as a precautionary measure we have taken some steps to limit this from happening again. We have put in place rate limits on the specific API endpoint to make it more difficult for attackers to abuse. We take data privacy and security seriously and will continue to constantly evaluate our security measures to ensure learner safety.”


The exposure of users’ information was first disclosed in January, though the selling of their personal email addresses online was only recently discovered.

According to Duolingo’s own investigation, the email addresses were not obtained from its systems but from other sources; they were then fed into a public API and matched with Duolingo usernames.


“This API was public in order to power the ‘Find My Friends’ feature which allows learners to look up their friends on Duolingo using an email address,” according to a company statement. “This API is being rate limited to prevent this type of exploit in the future.”
