Last week, a bundle allegedly containing data from 2.6 million Duolingo accounts went up for sale on the dark web. After revealing the content on a hacking forum, the company said it was investigating the situation.
The message posted on the internet indicates that the data was not obtained through a hacker attack. According to those responsible, the information was leaked due to an issue with a Duolingo API.
The DuoLingo database (scraped) is listed for sale on a hacker forum. According to the user, the alleged data contains 2.6 million account logins.#data breach #cyberrisk pic.twitter.com/7jttRnncpM
—FalconFeedsio (@FalconFeedsio) January 24, 2023
The data package can be purchased for $1,500 and includes details such as email and language app usage details. Hackers posted 1,000 accounts on the dark web as “examples” to prove the authenticity of the material.
Duolingo is investigating the case
In a statement from Duolingo shared by The Record Media, the company says it’s investigating the situation, but assures it’s not the victim of a hacker attack. According to the company, the information was obtained through data scraping, also called data scraping, when hackers collect and compile publicly available data.
While not as damaging as a hacker attack, data scraping poses dangers to users mainly because of its repetition: The app grew 240% per year in 2022, according to Human Security. Facebook, for example, took action against users who took such actions last year.
The tip for Duolingo users is to follow the development of the case. So far, the website Have I Been Pwned, which indicates whether your data has been publicly leaked, still does not contain information about the language app’s information package.
Source: Tec Mundo
