verified2023-01-24

DuolingoDuolingo breach

duolingo.com · 2,676,696 records compromised

Records
2.68M
Breach date
2023-01-24
Domain
duolingo.com
Data classes
4

Description

In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum . Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.

Compromised data classes· 4

Email addressesNamesSpoken languagesUsernames

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Breach
Twitter (200M)
Breach
Trello
Breach
Sphero
Breach
Udemy
Breach
DataCamp
Breach
Dubsmash
Sourced from Have I Been Pwned. Aggregate metadata only — no PII. Curated by Adam Lundqvist, Founder at SQUR.