Duolingo: Difference between revisions
mNo edit summary |
|||
| Line 32: | Line 32: | ||
This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]]. | This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]]. | ||
===Data breach (2023)=== | ===Data breach (''2023'')=== | ||
In January 2023, the data of 2.6 million users were posted to an online hacking forum for $1,500.<ref>{{Cite web|url=https://www.bleepingcomputer.com/news/security/scraped-data-of-26-million-duolingo-users-released-on-hacking-forum/|title=Scraped data of 2.6 million Duolingo users released on hacking forum|first=Lawrence|last=Abrams|work=Bleeping Computer|date=2023-08-22|access-date=2025-03-26|archive-url=https://web.archive.org/web/20250309233352/https://www.bleepingcomputer.com/news/security/scraped-data-of-26-million-duolingo-users-released-on-hacking-forum/|archive-date=2025-03-09|url-status=live}}</ref> The data were scraped from a vulnerable API, with email addresses, usernames, languages spoken, and real names being included.<ref>{{Cite web|url=https://haveibeenpwned.com/PwnedWebsites#Duolingo|title=Pwned websites|work=haveibeenpwned.com|access-date=2025-03-26|archive-url=https://web.archive.org/web/20250309182649/https://haveibeenpwned.com/PwnedWebsites#Duolingo|archive-date=2025-03-09|url-status=live}}</ref> A spokesperson for Duolingo stressed that "these records were obtained by data-scraping public profile information" and "no data breach or hack has occurred".<ref>{{Cite web|url=https://therecord.media/duolingo-investigating-dark-web-post-offering-data-from-2-6-million-accounts|title=DuoLingo investigating dark web post offering data from 2.6 million accounts|first=Jonathan|last=Greig|date=2023-01-23|work=The Record.|access-date=2025-03-26|archive-url=https://web.archive.org/web/20250307194542/https://therecord.media/duolingo-investigating-dark-web-post-offering-data-from-2-6-million-accounts|archive-date=2025-03-07|url-status=live}}</ref> | In January 2023, the data of 2.6 million users were posted to an online hacking forum for $1,500.<ref>{{Cite web|url=https://www.bleepingcomputer.com/news/security/scraped-data-of-26-million-duolingo-users-released-on-hacking-forum/|title=Scraped data of 2.6 million Duolingo users released on hacking forum|first=Lawrence|last=Abrams|work=Bleeping Computer|date=2023-08-22|access-date=2025-03-26|archive-url=https://web.archive.org/web/20250309233352/https://www.bleepingcomputer.com/news/security/scraped-data-of-26-million-duolingo-users-released-on-hacking-forum/|archive-date=2025-03-09|url-status=live}}</ref> The data were scraped from a vulnerable API, with email addresses, usernames, languages spoken, and real names being included.<ref>{{Cite web|url=https://haveibeenpwned.com/PwnedWebsites#Duolingo|title=Pwned websites|work=haveibeenpwned.com|access-date=2025-03-26|archive-url=https://web.archive.org/web/20250309182649/https://haveibeenpwned.com/PwnedWebsites#Duolingo|archive-date=2025-03-09|url-status=live}}</ref> A spokesperson for Duolingo stressed that "these records were obtained by data-scraping public profile information" and "no data breach or hack has occurred".<ref>{{Cite web|url=https://therecord.media/duolingo-investigating-dark-web-post-offering-data-from-2-6-million-accounts|title=DuoLingo investigating dark web post offering data from 2.6 million accounts|first=Jonathan|last=Greig|date=2023-01-23|work=The Record.|access-date=2025-03-26|archive-url=https://web.archive.org/web/20250307194542/https://therecord.media/duolingo-investigating-dark-web-post-offering-data-from-2-6-million-accounts|archive-date=2025-03-07|url-status=live}}</ref> | ||