The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.
Oh no. Now they know the aliased email address, unique password, and that I didn’t try very hard to learn spanish.
(please note: this is a joke, I don’t see anything about them getting passwords)
Something to note here - with AI, if you’re using any sort of heuristic for your password, it’s pretty simple to work out a pretty good set of possibilities which makes brute force even easier and puts you at risk across the board.
Always come up with random passwords that are as random as possible. If there’s a path you took to get to a password, in theory it can be worked backward.
For example I know some people who only change a single letter when changing their passwords which is ultimately trivial to guess if the old password was compromised (hence the need to change the password or the need to proactively work against this possibility)
That’s why I let Bitwarden generate a random 64 character password with special characters and numbers
Next email from duo: give me your credit card details
deleted by creator
Damn, they’ll know I didn’t finish that Spanish lesson the bird bothered me about!
I hope they don’t fucking send me spam.
Depending on how far you got, you might not understand it anyway.
Do the people that release these get paid somehow? Or do they just do it for hacker cred and say fuck these 2.6M people?
In January 2023, someone was selling the scraped data of 2.6 million DuoLingo users on the now-shutdown Breached hacking forum for $1,500.
…
As first spotted by VX-Underground, the scraped 2.6 million user dataset was released yesterday on a new version of the Breached hacking forum for 8 site credits, worth only $2.13.
“Today I have uploaded the Duolingo Scrape for you to download, thanks for reading and enjoy!,” reads a post on the hacking forum.
HODL, the value will go up again for sure
Both.
estamos jodidos señor búo
I’m so glad I switched to duck email. Might as well changes it again and block the old email.
How is that API still up after this has happened?
I only see this comment, but it says 53 comments. I just want to know why they didn’t tell their userbase.
I see the same thing. However if you go to the link to this post on kbin.social, you can see the other comments. It’s weird. https://kbin.social/m/technology@lemmy.world/t/371933 Edit: the hyperlink won’t display properly in this comment. You have to copy the whole link and paste it in your browser.
Sometimes that happens for me too in the Liftoff app. But if I reload the comments with “swipe to refresh”, them all the others will appear too.
Lemmy and kbin have been having some federation issues lately, which might be why you’re only seeing one comment.
