Duolingo Data Breach (2022)

Data belonging to 2.6 million Duolingo users was scraped in January 2023. This data included real names, login names, email addresses, and internal DuoLingo service information. The leak stemmed from an exposed API that allowed threat actors to confirm email addresses associated with DuoLingo accounts.