Duolingo | Breaches

Welcome to our new version of sysinfo.org

Credits & Recommendation

The following information is part of the Breaches Database used by Spybot Identity Monitor . It originates either from our own research or from the ';--have i been pwned? project.

If you want to regularly check if your email addresses appear in breaches, please download our free Identity Monitor.

Breach details for Duolingo

Title: Duolingo
Domain: duolingo.com
Breach: 2023-01-24
Added: 2023-08-23T04:31:08Z
Modified: 2023-08-23T04:31:08Z
Data Count: 2676696
Description: In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.
Type of Data: Email addresses, Names, Spoken languages, Usernames