Duolingo BreachDate: March 2023

Duolingo, one of the largest language learning companies in the world today was the recent victim of a data breach. The company served over 74 million people at one time, and it's no wonder that attackers were able to steal information from over 2.6 million individuals in their attack.

What Was the Breach?

  • User Names
  • First and Last Names
  • Email Addresses

How Did the Breach Occur?

The Duolingo breach was possible because of a vulnerable API or application programming interface. The API was designed to enable programmers to connect their services to Duolingo, but a small issue with it enabled attackers to harvest huge amounts of information from Duolingo, getting access to information that shouldn't have been available to the public.

When Did This Breach Occur?

The API issue has been known since March of 2023. That means the breach could have occurred in and around March or the months after.

Who Does the Breach Impact?

Over 2.6 million Duolingo users were exposed by this breach. It's the users that are at risk because of the information shared. Even though the data stolen wasn't substantial for each person, it could still be used to launch phishing attacks and steal customer data.

How Many Files Does the Breach Affect?

We don't know the number of total files impacted by this breach. We aren't sure if files were copied or moved at all to make this breach possible.


Recent Breaches

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address