Duolingo Data Breach Exposes 3 Million User Emails

New data shows the leak primarily impacted U.S. users

Scarlett Evans, Assistant Editor, IoT World Today

August 29, 2023

1 Min Read
967,000 U.S. email addresses were exposed in the hack
Getty

Just under 3 million Duolingo users’ (2.68 million) email addresses were compromised and are being sold online following a data breach at the beginning of this year. 

According to new data from Surfshark, around a third of the compromised users were from U.S. accounts.

The new report found 967,000 U.S. email addresses were exposed, while accounts from South Sudan were second, followed by France and then the U.K.

“In total, 16.3M data points of Duolingo users were exposed,” the report said. “On average, each email account was leaked with five data points, such as language, profile picture, username, name, country or bio. Some user accounts got all of their details leaked.”

Duolingo first acknowledged the breach in January, including the exposure of public information such as user names. However, it was not known that users’ email addresses had been compromised, with these now appearing online for sale on hacking forums.

View post on Twitter

“The biggest concern is the exposure of email addresses — it could be used for phishing attacks,” the Surfshark report said. “People affected might receive personalized phishing emails, such as offering affordable courses related to the language they have been studying on Duolingo. This could be done using leaked names and origin countries, resulting in highly customized emails, possibly even in their own native languages.”

Related:Microsoft Identifies Russian Hacking Group in Teams Cyberattack

The data was reportedly accessed by scraping Duolingo’s database using an exposed application programming interface (API).                                               

About the Author

Scarlett Evans

Assistant Editor, IoT World Today

Scarlett Evans is the assistant editor for IoT World Today, with a particular focus on robotics and smart city technologies. Scarlett has previous experience in minerals and resources with Mine Australia, Mine Technology and Power Technology. She joined Informa in April 2022.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like