This has raised concerns, as this could make users vulnerable to phishing attacks through email.
I am selling 2.6 million Duolingo account entries that were scraped from an exposed API.
They added that an internal investigation was underway to find out the need for additional security measures.
reads a post on the hacking forum.
The exposed API has been circulated openly and known since at least March 2023.
Also, researchers have been tweeting andpublicly documentinghow to use the API.
They warn that the leaked data could be used for doxxing and may also lead to targeted phishing attacks.
DuoLingo has yet to reply as to why the API is still open.
source: www.techworm.net
