A data breach at language learning platform Duolingo has exposed the personal information of 2.6 million users. The data, including email addresses, usernames, languages learned, and other profile details, was scraped from Duolingo’s public API and released on a hacking forum for just $2.
While much of the information was already public, the aggregated data gives cybercriminals new opportunities for targeted phishing and fraud. Duolingo users should be vigilant about suspicious communications referencing their language interests or learning progress.
This incident highlights the need for companies to properly secure APIs and sensitive data. It also serves as a reminder to use unique passwords, enable two-factor authentication, and watch for potential phishing attempts following a breach.
By taking proactive steps like checking breach notifications and changing passwords, we can reduce both the risk that our information is compromised and the impact when it is. But companies must also make user privacy and security a priority in their systems and practices.