Data from 2.6 million users of Duolingo has been leaked on a hacking forum. Duolingo is a language platform with over 74 million monthly users. The compromised data included real names, login names, email addresses, and internal service-related details. Duolingo said that the data was sourced from public profiles, however, the leaked email addresses are not public information and can facilitate targeting phishing attempts. The breach reportedly originated from an exposed application programming interface (API). Despite the potential consequences of the breach, Duolingo has not commented on why the API remains accessible.
Read more: https://www.infosecurity-magazine.com/news/data-26m-duolingo-users-leaked/