551
Scraped data of 2.6 million Duolingo users released on hacking forum
(www.bleepingcomputer.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 23 Aug 2023
551 points (99.1% liked)
Technology
59147 readers
2463 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
"Scraped" data suggests that it's data available on public profile pages. However, the article also says the dump is a mix of public and non-public info. So which is it, scraped or not? It's an important distinction, because data collection by scraping is technically not a breach.
Take this with a pinch of salt but what I'm gathering is that it's essentially just taking people's public profiles but the Duolingo api also exposes users' e-mail addresses (and possibly other info) that isn't normally displayed as part of the user's public profile via their app.
In essence, they're exposing more data than they probably should be and users were not really aware that data was being made public - that's why people are upset about it.
Ok, this makes sense -- in which case the API should not be exposing data that isn't otherwise available on the public profile, so that is significant.