DuoLingo User Data Breach Reappearance on Breached Forum Raises Security Concerns

The English language learning platform DuoLingo faces a fresh data breach report after a listing on a hacker forum known as Breached. This update comes from coverage by Bleeping Computer, which tracked the incident and the subsequent marketplace activity on the dark web.

The first appearance of DuoLingo user data on dark web forums dates back to January 2023. An archived post on the original Breached forum claimed to include a database of users and was offered for roughly 1.5 thousand dollars, a sum that reflected the exchange rate at that time. The forum experienced a shutdown, and the data archive was reportedly removed from access. Nevertheless, on August 21, 2023, fresh listings appeared on the updated Breached forum, priced at about $2.13 and described as an upgraded entry in the same data set.

The exposed archive reportedly contains users’ real names, usernames, and email addresses. This kind of information can enable social engineering attempts or credential stuffing aimed at DuoLingo users, raising concern about how even widely used educational platforms can be targeted by phishing and account takeover schemes. Security researchers at Bleeping Computer emphasized that the presence of such data on the dark web increases the likelihood of targeted attacks against users, informed by the personal identifiers found in the breach. (Source: Bleeping Computer)

As of the current reporting date, DuoLingo has not issued an official statement addressing the incident. The absence of a public comment can leave users uncertain about the scope of exposure or the steps the company plans to take to mitigate risk, including guidance on password changes or account monitoring. (Source: Bleeping Computer)

The report references a separate cybersecurity update regarding StormWall, noting that the number of multi-vector distributed denial-of-service attacks in Russia showed a notable rise, signaling ongoing threats to online services during periods of elevated cyber activity. (Source: Bleeping Computer)
