{"id":21096,"date":"2023-01-26T16:10:03","date_gmt":"2023-01-27T00:10:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/01\/26\/news-14829\/"},"modified":"2023-01-26T16:10:03","modified_gmt":"2023-01-27T00:10:03","slug":"news-14829","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/01\/26\/news-14829\/","title":{"rendered":"&#8220;2.6 million DuoLingo account entries&#8221; up for sale"},"content":{"rendered":"<p>Not a week goes by where we don&rsquo;t see an example of data scraping causing concern for both businesses and folks at home. The latest target <a href=\"https:\/\/therecord.media\/duolingo-investigating-dark-web-post-offering-data-from-2-6-million-accounts\/\" target=\"_blank\">happens to be popular language platform DuoLingo<\/a>, which&nbsp;is currently digging into a forum post concerning data related to&nbsp;its customer accounts.<\/p>\n<h2>Scraping data for fun and profit, but mostly profit<\/h2>\n<p>From the forum post, titled &ldquo;DuoLingo 2.6 million entries scrape&rdquo;:<\/p>\n<p><em>I am selling 2.6 million DuoLingo account entries that were scraped from an exposed API. Starting price is $1,500 USD, but the price can be negotiated.<\/em><\/p>\n<p>The post <a href=\"https:\/\/twitter.com\/FalconFeedsio\/status\/1617735519194214413\" target=\"_blank\">claims to offer many pieces of information<\/a>, including:<\/p>\n<ul>\n<li>Phone numbers<\/li>\n<li>Emails<\/li>\n<li>Courses taken<\/li>\n<\/ul>\n<h2>Your big deal is someone else&#8217;s&nbsp;tiny hiccup<\/h2>\n<p>This all sounds very bad at first glance, but as with many data scraping incidents, a lot depends on what kind of data has been obtained. Is it a collection of supposedly secret things, or is it information which is (or was) intentionally publicly available? 
If it&rsquo;s &ldquo;only&rdquo; available via a supposedly exposed API, is it catastrophic for the users if their language or achievements are revealed to the world?<\/p>\n<p>The aggravatingly on-the-fence answer to this is often &ldquo;it depends&rdquo;. Your threat model is not someone else&rsquo;s, and we simply can&rsquo;t predict how big a deal something that supposedly isn&rsquo;t one actually <em>is<\/em>. Even though DuoLingo has stated that this is not the result of a breach or hack, and that the records were obtained by &ldquo;data scraping public information&rdquo;, this may be scant consolation to those affected.<\/p>\n<h2>Our advice: don&#8217;t panic, but keep an eye on the situation<\/h2>\n<p>DuoLingo has been a target for scammers and others up to no good for a long time, as tends to befall the biggest names out there in their respective fields of expertise. Just last year, fake &ldquo;premium subscriptions&rdquo; to DuoLingo services were <a href=\"https:\/\/www.jpost.com\/business-and-innovation\/tech-and-start-ups\/article-712792\" target=\"_blank\">used as the hook for a phishing scam<\/a>.<\/p>\n<p>For now, if you&rsquo;re a DuoLingo user, there&rsquo;s not a lot you can do except wait for more information on this data scraping incident to be published. In theory, this may not be a huge concern but again: threat models. If you&rsquo;re particularly worried, the best thing to do would be to contact DuoLingo customer support and see if there are any more details they can give.<\/p>\n<p>Stay safe out there!<\/p>\n
","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/news\" rel=\"category tag\">News<\/a><\/p>\n<p>Tags: duolingo<\/p>\n<p>Tags:  data<\/p>\n<p>Tags:  scraped<\/p>\n<p>Tags:  API<\/p>\n<p>Tags:  forum<\/p>\n<p>Tags:  sale<\/p>\n<p>Tags:  selling<\/p>\n<p>Tags:  post<\/p>\n<p>Tags:  user<\/p>\n<p>Tags:  account<\/p>\n<p>Tags:  info<\/p>\n<p>We take a look at claims of large amounts of DuoLingo user data up for sale, supposedly scraped from publicly available sources.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/2.6-million-duolingo-account-entries-up-for-sale\" title=\"&quot;2.6 million DuoLingo account entries&quot; up for sale\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/2.6-million-duolingo-account-entries-up-for-sale\">&#8220;2.6 million DuoLingo account entries&#8221; up for sale<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[16349,11663,6270,8819,27112,28450,32,15689,26351,28448,27775,28449],"class_list":["post-21096","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-account","tag-api","tag-data","tag-duolingo","tag-forum","tag-info","tag-news","tag-post","tag-sale","tag-scraped","tag-selling","tag-user"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21096","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=21096"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21096\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=21096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=21096"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=21096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}