Skip to content
Cyber Breaches
Search
Data breachResolved

Duolingo data breach (2023)

In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points),…

Victim
Duolingo
records
2.7M
SectorMedia

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2023-01-24, Duolingo was affected by a data breach. Approximately 2,676,696 accounts were exposed. In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points),…

Sources

  1. haveibeenpwned.comhttps://haveibeenpwned.com/PwnedWebsites#Duolingo
  2. duolingo.comhttps://duolingo.com

Related incidents

Data breachResolved

Zadig & Voltaire data breach (2023)

In June 2024, a data brach sourced from French fashion brand Zadig & Voltaire was publicly posted to a popular hacking forum. The data included names, email and physical addresses, phone numbers and genders.

Victim
Zadig & Voltaire
Records
586.9K
Data breachResolved

Chess data breach (2023)

In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking forum. The data included email address, name, username and the geographic location of the user. A further 446k scraped records were later provided and added to HIBP.

Victim
Chess
Records
1.3M
Data breachResolved

LinkedIn Scraped and Faked Data (2023) data breach (2023)

In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals' names.

Victim
LinkedIn Scraped and Faked Data (2023)
Records
19.8M
Data breachResolved

Toumei data breach (2023)

In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses.

Victim
Toumei
Records
76.7K