Duolingo | Breaches

Welcome to our new version of sysinfo.org

Breach details for Duolingo

Title
Duolingo
Domain
duolingo.com
Breach
2023-01-24
Added
2023-08-23T04:31:08Z
Modified
2023-08-23T04:31:08Z
Data Count
2676696
Description
In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.
Type of Data
Email addresses, Names, Spoken languages, Usernames