{"id":98723,"date":"2023-08-30T21:04:45","date_gmt":"2023-08-31T04:04:45","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=98723"},"modified":"2023-08-31T21:10:08","modified_gmt":"2023-09-01T04:10:08","slug":"2-6-million-duolingo-users-accounts-exposed-in-data-leak","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/","title":{"rendered":"2.6 million Duolingo users&#8217; accounts exposed in data leak"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-98726\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-600x300-1.jpg\" alt=\"\" width=\"600\" height=\"300\" \/><\/p>\n<p>Duolingo is a popular language-learning app and site with more than 74 million monthly active users. The company recently suffered a data leak resulting in the exposure of more than 2.6 million users&#8217; e-mail addresses and other information. Here&#8217;s what you need to know.<\/p>\n<p><em>In this article:<\/em><\/p>\n<ul>\n<li><a href=\"#timeline\">What is the timeline of the Duolingo user data leak?<\/a>\n<ul>\n<li><a href=\"#exposed\">What else was exposed in the Duolingo data leak?<\/a><\/li>\n<li><a href=\"#resurfacing\">The resurfacing and wider exposure of the leaked Duolingo data<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#minimize\">How can I minimize exposure from similar data leaks?<\/a><\/li>\n<li><a href=\"#learnmore\">How can I learn more?<\/a><a name=\"timeline\"><\/a><\/li>\n<\/ul>\n<h3>What is the timeline of the Duolingo user data leak?<\/h3>\n<p>In January 2023, a hacking forum user claimed to have the e-mail addresses of 2.6 million users of the service and was selling the list for $1500 or best offer.<a name=\"exposed\"><\/a><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The DuoLingo database (scraped) has been listed for sale in a hacker&#39;s forum. According to the user, the claimed data contains 2.6 million account entries.<a href=\"https:\/\/twitter.com\/hashtag\/databreach?src=hash&amp;ref_src=twsrc%5Etfw\">#databreach<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/cyberrisk?src=hash&amp;ref_src=twsrc%5Etfw\">#cyberrisk<\/a> <a href=\"https:\/\/t.co\/7jttRnncpM\">pic.twitter.com\/7jttRnncpM<\/a><\/p>\n<p>&mdash; FalconFeedsio (@FalconFeedsio) <a href=\"https:\/\/twitter.com\/FalconFeedsio\/status\/1617735519194214413?ref_src=twsrc%5Etfw\">January 24, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h4><strong>What else was exposed in the Duolingo data leak?<\/strong><\/h4>\n<p>Other leaked data associated with those e-mail addresses, too. This appeared to include users&#8217; real name, username, account avatar, bio, and native language. The data also indicated which e-mail addresses were verified, and whether Facebook or Google accounts were connected.<\/p>\n<p>Thankfully, the leak did not contain user passwords.<\/p>\n<p>On the same day as the leaked data was posted, security news site <a href=\"https:\/\/therecord.media\/duolingo-investigating-dark-web-post-offering-data-from-2-6-million-accounts\" target=\"_blank\" rel=\"noopener\">The Record contacted Duolingo<\/a>. The company responded:<\/p>\n<blockquote><p>\u201cThese records were obtained by data scraping public profile information\u2026<\/p>\n<p>\u201cNo data breach or hack has occurred. We take data privacy and security seriously and are continuing to investigate this matter to determine if there\u2019s any further action needed to protect our learners.\u201d<a name=\"resurfacing\"><\/a><\/p><\/blockquote>\n<h4><strong>The resurfacing and wider exposure of the leaked Duolingo data<\/strong><\/h4>\n<p>On August 21, the X (Twitter) account of vx-underground, a popular malware repository, <a href=\"https:\/\/twitter.com\/vxunderground\/status\/1693742275145150927\" target=\"_blank\" rel=\"noopener\">posted<\/a> about the breach on August 21. The post stated that the Duolingo account information was obtained through &#8220;a bug in the Duolingo API.&#8221;<\/p>\n<p>A follower <a href=\"https:\/\/twitter.com\/bouddddddddddda\/status\/1693748077511721125\" target=\"_blank\" rel=\"noopener\">responded<\/a> that the so-called API bug was actually a known flaw; anyone can find out such details about any Duolingo user, simply by knowing their registered e-mail address and querying the site.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">It&#39;s not new, everybody can find a duolingo account with just an email. Check out <a href=\"https:\/\/t.co\/KERoep3z6z\">https:\/\/t.co\/KERoep3z6z<\/a><\/p>\n<p>&mdash; BO\u0333\u0333\u0333\u0333\u0333\u0333\u0333\u0333\u0333\u0333uddah \ud83d\udc41\ufe0f\u20e4In Holliday \ud83c\udf0a\ud83c\udfd6 (@bouddddddddddda) <a href=\"https:\/\/twitter.com\/bouddddddddddda\/status\/1693748077511721125?ref_src=twsrc%5Etfw\">August 21, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Presumably, that&#8217;s how the leaker obtained data about 2.6 million accounts in the first place. Quite likely, the leaker sent millions of queries about known e-mail addresses to Duolingo, and Duolingo&#8217;s servers responded with data whenever there was a match.<\/p>\n<p>According to security news site <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/scraped-data-of-26-million-duolingo-users-released-on-hacking-forum\/\" target=\"_blank\" rel=\"noopener\">BleepingComputer<\/a>, vx-underground had encountered the same data mentioned in the January leak, now fully exposed\u2014not behind a paywall\u2014on another hacking forum.<\/p>\n<p>On August 22, BleepingComputer confirmed that the API was still subject to the same scraping attacks that were exploited to obtain the leaked data back in January. The news site said that it had contacted Duolingo asking why the API was still exposed, but had not yet received a response from the company.<\/p>\n<p>Finally, on August 23, popular data leak information site Have I Been Pwned <a href=\"https:\/\/haveibeenpwned.com\/PwnedWebsites#Duolingo\" target=\"_blank\" rel=\"noopener\">added<\/a> the more than 2.6 million e-mail addresses to its database. Anyone who wishes to find out whether their e-mail address was exposed in the Duolingo leak\u2014or any of 700 other data leaks or breaches\u2014can simply search for their address at <a href=\"https:\/\/haveibeenpwned.com\/\" target=\"_blank\" rel=\"noopener\">haveibeenpwned.com<\/a>.<a name=\"minimize\"><\/a><\/p>\n<h3>How can I minimize exposure from similar data leaks?<\/h3>\n<p>Unfortunately, companies often expose user data, and often it isn&#8217;t treated as a serious matter.<\/p>\n<p>One way that users can avoid exposing their information in such leaks is to use a unique e-mail address for each service.<\/p>\n<p>Thankfully, that&#8217;s not as inconvenient as it may sound; you don&#8217;t need to register multiple e-mail accounts and check each and every one separately. There are at least two major services that offer anonymous e-mail forwarding.<\/p>\n<p>The first is <strong>Hide My Email<\/strong>, included with Apple&#8217;s iCloud+ service; it starts at $0.99 per month, and is integrated with iOS and macOS. The second is <strong>DuckDuckGo Email Protection<\/strong>, which is a bit more complicated to use, but is free. Check out our <a href=\"https:\/\/www.intego.com\/mac-security-blog\/which-is-better-apples-hide-my-email-or-duckduckgo-email-protection\/\">comprehensive comparison of Hide My Email and DuckDuckGo Email Protection<\/a>.<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"H3YmhD1fAV\"><p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/which-is-better-apples-hide-my-email-or-duckduckgo-email-protection\/\">Which Is Better: Apple&#8217;s Hide My Email or DuckDuckGo Email Protection?<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Which Is Better: Apple&#8217;s Hide My Email or DuckDuckGo Email Protection?&#8221; &#8212; The Mac Security Blog\" src=\"https:\/\/www.intego.com\/mac-security-blog\/which-is-better-apples-hide-my-email-or-duckduckgo-email-protection\/embed\/#?secret=H3YmhD1fAV\" data-secret=\"H3YmhD1fAV\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>We discussed these e-mail privacy services on <a href=\"https:\/\/podcast.intego.com\/255\">episode 255<\/a> of the Intego Mac Podcast.<a name=\"learnmore\"><\/a><\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/player.fireside.fm\/v2\/GegHgcrH+Yy7Yte2g?theme=dark\" width=\"740\" height=\"200\" frameborder=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<h3>How can I learn more?<\/h3>\n<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img class=\"alignleft\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\" alt=\"\" width=\"80\" \/><\/a>Each week on the <a href=\"https:\/\/podcast.intego.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Intego Mac Podcast<\/strong><\/a>, Intego&#8217;s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" rel=\"noopener\"><strong>follow the podcast<\/strong><\/a> to make sure you don\u2019t miss any episodes.<\/p>\n<p>You can also subscribe to our <a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-security-newsletter\/\"><strong>e-mail newsletter<\/strong><\/a> and keep an eye here on <a href=\"https:\/\/www.intego.com\/mac-security-blog\"><strong>The Mac Security Blog<\/strong><\/a> for the latest Apple security and privacy news. And don&#8217;t forget to follow Intego on your favorite social media channels: <a href=\"https:\/\/twitter.com\/IntegoSecurity\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow Intego on Twitter\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Twitter-logo-icon-64.png\" alt=\"Follow Intego on Twitter\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.facebook.com\/Intego\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow Intego on Facebook\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Facebook-logo-icon-64.png\" alt=\"Follow Intego on Facebook\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.youtube.com\/user\/IntegoVideo?sub_confirmation=1\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(0, 0, 0, 0.2); border-radius: 8px;\" title=\"Follow Intego on YouTube\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/YouTube-logo-icon-64.png\" alt=\"Follow Intego on YouTube\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.pinterest.com\/intego\/\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(0, 0, 0, 0.2); border-radius: 8px;\" title=\"Follow Intego on Pinterest\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Pinterest-logo-icon-64.png\" alt=\"Follow Intego on Pinterest\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/intego\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow Intego on LinkedIn\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/LinkedIn-logo-icon-64.png\" alt=\"Follow Intego on LinkedIn\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/www.instagram.com\/intego_security\/\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow Intego on Instagram\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/10\/Instagram-logo-icon-64.png\" alt=\"Follow Intego on Instagram\" width=\"16\" \/><\/a>\u00a0<a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\"><img style=\"border-width: 1px; border-style: solid; border-color: rgba(255, 255, 255, 0.2); border-radius: 8px;\" title=\"Follow the Intego Mac Podcast on Apple Podcasts\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png\" alt=\"Follow the Intego Mac Podcast on Apple Podcasts\" width=\"16\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Duolingo, a popular language-learning app and site, suffered a data leak exposing more than 2.6 million user e-mail addresses and other info. Here is everything you need to know to keep your data safe from similar leaks.<\/p>\n","protected":false},"author":14,"featured_media":98727,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[43],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Duolingo, a popular language-learning app and site, suffered a data leak exposing more than 2.6 million user e-mail addresses and other info. Here is everything you need to know to keep your data safe from similar leaks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"2.6 million Duolingo users&#039; accounts exposed in data leak - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Duolingo, a popular language-learning app and site, suffered a data leak exposing more than 2.6 million user e-mail addresses and other info. Here is everything you need to know to keep your data safe from similar leaks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-31T04:04:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-01T04:10:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-400x260-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-400x260-1.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-400x260-1.jpg\",\"width\":400,\"height\":260,\"caption\":\"Duo the b\\u00faho owl crying, Duolingo logo, data breach\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/\",\"name\":\"2.6 million Duolingo users' accounts exposed in data leak - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#primaryimage\"},\"datePublished\":\"2023-08-31T04:04:45+00:00\",\"dateModified\":\"2023-09-01T04:10:08+00:00\",\"description\":\"Duolingo, a popular language-learning app and site, suffered a data leak exposing more than 2.6 million user e-mail addresses and other info. Here is everything you need to know to keep your data safe from similar leaks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"2.6 million Duolingo users&#8217; accounts exposed in data leak\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"2.6 million Duolingo users&#8217; accounts exposed in data leak\",\"datePublished\":\"2023-08-31T04:04:45+00:00\",\"dateModified\":\"2023-09-01T04:10:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#webpage\"},\"wordCount\":763,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-400x260-1.jpg\",\"keywords\":[\"Data Breach\"],\"articleSection\":[\"Security &amp; Privacy\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Duolingo, a popular language-learning app and site, suffered a data leak exposing more than 2.6 million user e-mail addresses and other info. Here is everything you need to know to keep your data safe from similar leaks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/","og_locale":"en_US","og_type":"article","og_title":"2.6 million Duolingo users' accounts exposed in data leak - The Mac Security Blog","og_description":"Duolingo, a popular language-learning app and site, suffered a data leak exposing more than 2.6 million user e-mail addresses and other info. Here is everything you need to know to keep your data safe from similar leaks.","og_url":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/","og_site_name":"The Mac Security Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2023-08-31T04:04:45+00:00","article_modified_time":"2023-09-01T04:10:08+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-400x260-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-400x260-1.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-400x260-1.jpg","width":400,"height":260,"caption":"Duo the b\u00faho owl crying, Duolingo logo, data breach"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/","name":"2.6 million Duolingo users' accounts exposed in data leak - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#primaryimage"},"datePublished":"2023-08-31T04:04:45+00:00","dateModified":"2023-09-01T04:10:08+00:00","description":"Duolingo, a popular language-learning app and site, suffered a data leak exposing more than 2.6 million user e-mail addresses and other info. Here is everything you need to know to keep your data safe from similar leaks.","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"2.6 million Duolingo users&#8217; accounts exposed in data leak"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"2.6 million Duolingo users&#8217; accounts exposed in data leak","datePublished":"2023-08-31T04:04:45+00:00","dateModified":"2023-09-01T04:10:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#webpage"},"wordCount":763,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-400x260-1.jpg","keywords":["Data Breach"],"articleSection":["Security &amp; Privacy"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/2-6-million-duolingo-users-accounts-exposed-in-data-leak\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/08\/Duo-crying-Duolingo-data-breach-400x260-1.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-pGj","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/98723"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=98723"}],"version-history":[{"count":12,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/98723\/revisions"}],"predecessor-version":[{"id":98741,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/98723\/revisions\/98741"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/98727"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=98723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=98723"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=98723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}