The email addresses, names, and other service-related data of several users were accessed from the language learning application’s database.
Today, one of the most common forms of cybercrime is hacking into the databases of websites, applications and various programs and stealing user data from them. The purpose is mostly to sell the acquired information to a third party. Customer can misuse data to an extent that depends on the sensitivity of the data type selected. This can range from using email addresses for marketing purposes to obtaining bank card details.
Many well-known technology companies have fallen the personal data of their users into unauthorized hands. Discord, Razer, and Acer have done the same thing recently, but the list goes on and on.
It can be completed, for example, with Duolingo, a language learning support application designed for mobile phones, which can help you learn in nearly 80 different combinations. The platform’s user data was leaked to a hacker forum last January. At the time, the uploader demanded $1,500 for the stolen data, but now it’s almost free.
User data was extracted through an open API, which is accessible to almost anyone. Among the stolen data, email addresses are the most valuable, which is not public data, but users can still be found through a bulk query, which is done through an email list obtained from another source.
By the way, Duolingo has done nothing to prevent similar cases from happening since the January incident, though it could serve as a cautionary tale that in the past more than one service provider has received serious data protection fines for negligence.