Technology

64937 readers

4587 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

Scraped data of 2.6 million Duolingo users released on hacking forum (www.bleepingcomputer.com)

submitted 2 years ago by [email protected] to c/[email protected]

9 comments fedilink hide all child comments

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.

top 9 comments

sorted by: hot top controversial new old

[–] [email protected] 3 points 2 years ago

Oh no, not my German and Japanese scores!!!

I guess the email could become a spam target?? Gmail does a good job sorting that for me.

[–] [email protected] 1 points 2 years ago (1 children)

How is that API still up after this has happened?

[–] [email protected] 1 points 2 years ago

I only see this comment, but it says 53 comments. I just want to know why they didn't tell their userbase.

[–] [email protected] 0 points 2 years ago (1 children)

Is there a list on what data exactly got leaked, that wasn't public before?

[–] [email protected] 1 points 2 years ago (1 children)

However, Duolingo did not address the fact that email addresses were also listed in the data, which is not public information.

From the Article, emphasis by me

[–] [email protected] 1 points 2 years ago* (last edited 2 years ago)

Rip my email I use specifically for organizations I don't trust

[–] [email protected] 0 points 2 years ago* (last edited 2 years ago) (1 children)

"Scraped" data suggests that it's data available on public profile pages. However, the article also says the dump is a mix of public and non-public info. So which is it, scraped or not? It's an important distinction, because data collection by scraping is technically not a breach.

[–] [email protected] 1 points 2 years ago (1 children)

Take this with a pinch of salt but what I'm gathering is that it's essentially just taking people's public profiles but the Duolingo api also exposes users' e-mail addresses (and possibly other info) that isn't normally displayed as part of the user's public profile via their app.

In essence, they're exposing more data than they probably should be and users were not really aware that data was being made public - that's why people are upset about it.

[–] [email protected] 1 points 2 years ago

Ok, this makes sense -- in which case the API should not be exposing data that isn't otherwise available on the public profile, so that is significant.