The scraped data of 2.6 million Duolingo users has been released on a hacking forum.
The data includes usernames, emails, phone numbers, and course information.
The data was reportedly scraped from Duolingo’s public profile information.
As first spotted by VX-Underground, the scraped 2.6 million user dataset was released yesterday on a new version of the Breached hacking forum for 8 site credits, worth only $2.13.
“Today I have uploaded the Duolingo Scrape for you to download, thanks for reading and enjoy!,” reads a post on the hacking forum.
This data was scraped using an exposed application programming interface (API) that has been shared openly since at least March 2023, with researchers tweeting and publicly documenting how to use the API.
