nilog:

「ユーザー名と名前は他のユーザーから見えるようになっています。 なお、あなたの友達が、あなたのアカウント作成時に使用したメールアドレスを知っている場合、検索機能を通してあなたを探すことができます」

私の情報は安全ですか？ – Duolingoヘルプセンター https://support.duolingo.com/hc/ja/articles/204830130

「これらのデータは、Duolingo APIのバグを利用すれば誰でも取得できます。APIに電子メールアドレスを送信すると、該当するユーザーがいればそのアカウント情報(名前、電子メールアドレス、学習した言語)が返ってきます。電子メールリストを使って260万人分のデータを収集したのでしょう」

Duolingoから流出した260万人分のデータがわずか2.13ドルで販売され始める | ニッチなPCゲーマーの環境構築Z https://www.nichepcgamer.com/archives/duolingo-2600000-users-data-leaked.html

「ユーザー名と名前は他のユーザーから見えるようになっています。 なお、あなたの友達が、あなたのアカウント作成時に使用したメールアドレスを知っている場合、検索機能を通してあなたを探すことができます」

私の情報は安全ですか？ – Duolingoヘルプセンター https://support.duolingo.com/hc/ja/articles/204830130

"When the data was for sale, DuoLingo confirmed to TheRecord that it was scraped from public profile information and that they were investigating whether further precautions should be taken."

"However, Duolingo did not address the fact that email addresses were also listed in the data, which is not public information."

Scraped data of 2.6 million Duolingo users released on hacking forum https://www.bleepingcomputer.com/news/security/scraped-data-of-26-million-duolingo-users-released-on-hacking-forum/

"This data was scraped using an exposed application programming interface (API) that has been shared openly since at least March 2023, with researchers tweeting and publicly documenting how to use the API."

Scraped data of 2.6 million Duolingo users released on hacking forum https://www.bleepingcomputer.com/news/security/scraped-data-of-26-million-duolingo-users-released-on-hacking-forum/

"The API allows anyone to submit a username and retrieve JSON output containing the user's public profile information. However, it is also possible to feed an email address into the API and confirm if it is associated with a valid DuoLingo account."

Scraped data of 2.6 million Duolingo users released on hacking forum https://www.bleepingcomputer.com/news/security/scraped-data-of-26-million-duolingo-users-released-on-hacking-forum/

"Language learning platform DuoLingo said it is investigating a post on a hacking forum offering information on 2.6 million customer accounts for $1,500."

"A spokesperson for the company said they are aware of the post, which was created on Tuesday morning and offers emails, phone numbers, courses taken and other information on how customers use the platform."

DuoLingo investigating dark web post offering data from 2.6 million accounts https://therecord.media/duolingo-investigating-dark-web-post-offering-data-from-2-6-million-accounts

"“These records were obtained by data scraping public profile information,” a spokesperson said."

"“No data breach or hack has occurred. We take data privacy and security seriously and are continuing to investigate this matter to determine if there’s any further action needed to protect our learners.”"

DuoLingo investigating dark web post offering data from 2.6 million accounts https://therecord.media/duolingo-investigating-dark-web-post-offering-data-from-2-6-million-accounts