Duolingo

Medium Impact

1 August 2023

•

2,698,307 records affected

•

Dehashed

Search on Google

Description

In August 2023, a scraping incident affected Duolingo, where 2.6 million records were exposed on a hacking forum. The data was collected through a vulnerable API and contained email addresses, full names, usernames, and other learning-related attributes. While some information was public, the exposure of private email addresses posed a risk to user privacy.

What to do if you're affected

1.Change your password immediately if you have an account with this service
2.Enable two-factor authentication (2FA) wherever possible
3.Check if your email appears in the breach using Have I Been Pwned
4.Monitor your accounts for suspicious activity
5.Consider using a password manager to generate unique passwords

Learn More About Data Breaches

Have I Been Pwned

Check if your data has been compromised

ENISA

EU Agency for Cybersecurity