Who hasn’t used Duolingo at some point to learn a second language? As the world’s most famous app for learning new languages, the ones affected by today’s news number in the millions. Myself included.
According to Bleeping Computer, some 26 million app accounts are directly affected.
The public and private data was obtained through an application programming interface (API) and offered on a hacker forum in January.
Usernames and real names, email addresses, phone numbers and courses studied were part of the collection offered for 1.500 dollars.
Data that, fortunately, nobody wants
Now, this data has resurfaced on a different forum, at a substantially lower price, just a few dollars.
The API that provided this user data is still publicly available. Usernames queries retrieve public profile details, while submitting an email address reveals private data such as profile pictures, location, and whether a Facebook or Google account is linked, as discovered by researchers.
Collectively, this data can aid scammers and hackers in crafting more personalized phishing attempts.
Unfortunately, Duolingo users can’t expect much protection from the service. When this data first emerged, the company categorized the lost data as “public profile information.”
What can be done?
The usual. Avoid opening emails from unknown senders whenever possible and, above all, do not click on links or download files from them.
You can also anonymize your online profiles. Remove your real name, disconnect your Google and Facebook accounts, and upload a generic avatar image.
Consider using a secondary email address or one created specifically for this purpose. This way, it will be easier for you to avoid falling into hackers’ traps. By the way, you can download the app for free here.
Some of the links added in the article are part of affiliate campaigns and may represent benefits for Softonic.
