Email or username:

Password:

Forgot your password?
Have I Been Pwned's posts Post Back to profile
Have I Been Pwned

New scraped data: Duolingo had 2.6M records scraped from a vulnerable API earlier this year and posted to a hacking forum today. Data included name, email, username and learning progress. 100% were already in @haveibeenpwned. Read more: bleepingcomputer.com/news/secu

23 Aug 2023 at 4:48 | Open on infosec.exchange
18 comments
Yuvraj Hanspal

@haveibeenpwned even learning a new language is not secure... 😅

Rats...

23 Aug 2023 at 5:01 | Open on ioc.exchange
Five Element Ninja

@haveibeenpwned And I was just about to sign up yesterday. Oof.

23 Aug 2023 at 5:34 | Open on mastodon.social
OpticalNail

@FiveElementNinja @haveibeenpwned use an email alias and a random username and you're relatively safe, as long as you do not fall for phishing attempts yourself.

23 Aug 2023 at 5:50 | Open on expressional.social
Dame Holly

@arh I do this for all these apps, I careful curate who gets my real name and email address. There's simply no need for them to know my real identity to use these services.

23 Aug 2023 at 7:44 | Open on aus.social
Alessandro Lai

@haveibeenpwned is "100% were already in HIBP" a new record? 😢

23 Aug 2023 at 5:43 | Open on phpc.social
Frederik

@alessandrolai @haveibeenpwned
From BleepingComputer:

>

The API allows anyone [...] to feed an email address into the API and confirm if it is associated with a valid DuoLingo account.

So any email address in the leak must've been leaked before or brute forced. I'd assume the scraper simply used leaks which were already public which would explain the 100% match against HIBP.

23 Aug 2023 at 6:05 | Open on infosec.exchange
Zulhilmi Asyraf

@haveibeenpwned At least no password because majority use Google OAuth.

23 Aug 2023 at 6:12 | Open on mastodon.sdf.org
Leichtmatrose
Oliver Kamer

@haveibeenpwned ah that's why they turned off their very useful API...

23 Aug 2023 at 7:04 | Open on mastodon.social
δημοκρατία
DELETED

@Ppampolim :(

quando vou ao haveibeenpwned.com/ encontro sites q nem lembrava de algum dia ter usado..

23 Aug 2023 at 7:18 | Open on mastodon.green
δημοκρατία

@Bossito Eu deixei de me preocupar com casos destes porque, há alguns anos atrás passei a usar emails temporários e um gestor de contas/passwords. Mas não deixa de ser desagradável quando afeta alguma plataforma onde se investe tempo e esforço (como parece ser o teu caso com essa (pelo que leio dos teus posts sobre os resultados obtidos)).

Nao vou ao haveibeenpwned.com/, nem sabia porque email procurar 😞

23 Aug 2023 at 10:59 | Open on mastodon.social
DELETED

@Ppampolim pois é chato, mas não é culpa deles acho.. e nesse site o meu email não parece apanhado nessa fuga do duolingo. Se calhar pq eu acho q nem tenho conta direta com eles, sempre fiz o login com o gmail salvo erro.

23 Aug 2023 at 11:00 | Open on mastodon.green
she hacked you

@haveibeenpwned Yeah that API did give you a lot of data, too much for users you are not even friends with.

At least they admitted it.

Did someone scab and submit the problem over hacker1, having to do data entry?

23 Aug 2023 at 7:15 | Open on mastodon.social
Helpdesk Stu
Ken Wallace
Helpdesk Stu

@haveibeenpwned @Taco_lad I have no idea why I mentioned you in this, this client randomly picks up users and adds them sometimes

23 Aug 2023 at 8:03 | Open on aus.social
MrClon

@haveibeenpwned NOOOOOO!!!!! Now every one can know how poorly my Finnish and Latin progress is!

23 Aug 2023 at 12:18 | Open on lor.sh
Go Up