Duolingo is one of the most popular language teaching apps in the world, but now the company responsible is investigating the theft of data from 2.6 million user accounts, which were found for sale in a batch of files on the Dark Web.
According to the announcement available on the Dark Web, account information was obtained from a problem in Duolingo’s security API. The lot with information about the accounts is on sale for US$ 1,500 or about R$ 7,600 in direct conversion.
To prove the veracity of the information, hackers released a sample file with data from a thousand accounts that were leaked. Among the leaked information are email and Duolingo usage data, but The Record Media portal claims that much of this data may have been collected on public websites and related to Duolingo users later.
Duolingo’s response to the leak is an investigation that is currently being coordinated to determine what the API vulnerability was and if there was any additional access on the platform. There is still no information if only language app accounts were affected or if Duolingo Math released in 2022 were also leaked.
Experts recommend monitoring your Duolingo account usage and possible password reset attempts. If you notice any unusual access attempts, change your password and look for more information about the case that should appear in the next few days.
:watermark(https://f.pmo.ee//logos/4238/c14433e7c257b86e167cf144389f5071.png,-2p,-2p,0,18,none)/nginx/o/2023/01/30/15109421t1he8dc.jpg?resize=150%2C150&ssl=1)