User data from Duolingo, one of the most popular language learning platforms, has been scraped and is now being circulated on the dark web. The dataset reportedly includes details such as usernames, email addresses, and other publicly accessible profile information. Although this does not appear to be the result of a direct security breach, the scraping of such data raises concerns about user privacy and the potential for phishing attacks or other forms of exploitation.
This incident underscores the importance of users reviewing and strengthening their privacy settings on online platforms. Publicly visible information, even if innocuous, can be aggregated and misused when paired with other leaked datasets. Platforms like Duolingo must also consider additional safeguards to limit the unauthorized collection of publicly shared data and protect their user base from potential threats.