Public breachBreachXposedOrNot· 1 Jan 2023

Duolingo

Domain: duolingo.com

What happened

Data belonging to 2.6 million Duolingo users was scraped in January 2023. This data included real names, login names, email addresses, and internal DuoLingo service information. The leak stemmed from an exposed API that allowed threat actors to confirm email addresses associated with DuoLingo accounts.

Breach facts

Records exposed: 2,676,686
Sensitive: No
Industry: Education
Data exposed: Email addressesNamesUsernames

Check my email →← All breaches

This page summarises publicly reported breach metadata for awareness. For account recovery or incident response, use the official guidance from the affected service.

Breach data provided by XposedOrNot.