Duolingo, one of the largest language learning companies in the world today was the recent victim of a data breach. The company served over 74 million people at one time, and it's no wonder that attackers were able to steal information from over 2.6 million individuals in their attack.
The Duolingo breach was possible because of a vulnerable API or application programming interface. The API was designed to enable programmers to connect their services to Duolingo, but a small issue with it enabled attackers to harvest huge amounts of information from Duolingo, getting access to information that shouldn't have been available to the public.
The API issue has been known since March of 2023. That means the breach could have occurred in and around March or the months after.
Over 2.6 million Duolingo users were exposed by this breach. It's the users that are at risk because of the information shared. Even though the data stolen wasn't substantial for each person, it could still be used to launch phishing attacks and steal customer data.
We don't know the number of total files impacted by this breach. We aren't sure if files were copied or moved at all to make this breach possible.