Privacy, Data Security, Application security

Millions of Duolingo users’ scraped data leaked

BleepingComputer reports that major language learning platform Duolingo had data scraped from 2.6 million of its users exposed on the new iteration of the Breached hacking forum seven months after the data was initially being peddled in the now-defunct Breached site. Threat actors have been selling the user dataset, which includes real and login names, as well as email addresses, for the equivalent of $2.13, according to VX-Underground, which first discovered the posting. Information included in the leak have been scraped through an exposed application programming interface, which enabled the retrieval of JSON output with user public profile information upon the submission of usernames and email addresses. Such an API, which may have been used to enable the exposure of DuoLingo accounts through email addresses that may have been obtained by attackers in prior breaches, continues to be available to the public despite having been reported to DuoLingo in January.

Related

Data breach impacts Airsoft community site

Major airsoft game host and equipment renter Airsoft C3 had the sensitive data of 75,000 individuals part of its enthusiast community website compromised due to a Google Cloud Storage Bucket misconfiguration, indicating a significant threat to the U.S. airsoft community, according to Cybernews.

Data breach hits Panda Restaurants

BleepingComputer reports that major Asian-American restaurant company Panda Restaurant Group, which counts Panda Express and Hibachi-San as its subsidiaries, had the personal data of its current and former associates compromised following a breach of its corporate systems in March.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.