{"id":32759,"date":"2023-09-18T09:31:42","date_gmt":"2023-09-18T09:31:42","guid":{"rendered":"https:\/\/www.cyberguru.it\/2023\/09\/18\/phishing-risk-for-duolinguo-users\/"},"modified":"2023-09-28T18:57:46","modified_gmt":"2023-09-28T18:57:46","slug":"phishing-risk-for-duolinguo-users","status":"publish","type":"post","link":"https:\/\/www.cyberguru.it\/en\/2023\/09\/18\/phishing-risk-for-duolinguo-users\/","title":{"rendered":"Phishing risk for Duolinguo users"},"content":{"rendered":"[et_pb_section admin_label=”section”]\n\t\t\t[et_pb_row admin_label=”row”]\n\t\t\t\t[et_pb_column type=”4_4″][et_pb_text admin_label=”Text”]\n

Learning languages, yes, but watch out for the pitfalls<\/strong><\/h2>\n\n

Today, in order to move around and work in the world, it is almost mandatory to learn other languages in addition to one’s mother tongue.<\/p>\n\n

Until a few years ago, this was considered an investment in oneself. A challenging, and also an expensive, path. It was necessary to participate in recognised courses, perhaps attend a school in person, often planning stays abroad. In short, investing a lot of time and money. Today, everything is much simpler: the web is teeming with both teachers and programmes or applications that, with relatively little effort, promise easy, fast and inexpensive learning<\/strong>.<\/p>\n\n

Among these applications, one of the best-known and most used is Duolinguo<\/a><\/strong>, one of the world’s largest sites for learning languages, with over 74 million global monthly users.<\/p>\n\n

The first beta version of Duolingo dates back to 30 November 2011, and before the launch, it had already accumulated a waiting list of more than 300 thousand users. The site was launched to the public in June 2012 and as of January 2014 it had 25 million users<\/strong>, of which about 12.5 million were active users<\/strong>. In 2013, Apple chose Duolingo as its “iPhone app of the year”<\/strong>, making it the first educational app to be awarded this type of recognition. In short, a perfect idea and method right from the start.<\/p>\n\n

Too bad, however, that cracks have started to appear in the reliability of the well-known application following a recent data leak<\/a>. <\/strong>Earlier this year, hackers obtained the names and email addresses of 2.6 million users <\/strong>of the app and are now selling the entire dataset on underground forums for about $2.13 <\/strong>, thus enabling other criminals to conduct targeted phishing attacks <\/strong>using users’ names and email addresses.<\/p>\n\n

At the same time, hackers can trick victims into clicking, by impersonating Duolingo in their messages<\/strong>. The goal is both to steal money and use targeted phishing emails<\/strong> to trick Duolingo users into installing malware on their devices or providing their credentials or bank details, through the payment service called Super Duolingo<\/strong>.<\/p>\n\n

This data was collected using an exposed API (application programming interface<\/strong>) that has been published since at least March 2023.<\/p>\n\n

This API allows anyone to enter a username and output a JSON containing the public information of the user profile entered. In addition, you can also enter an email address in the API and check if it is associated with a valid Duolingo account.<\/p>\n\n

The point is that it seems that this API is still available to anyone on the web, even after its abuse was reported to Duolingo in January.<\/strong><\/p>\n\n

In short, the problem does not seem to have been solved. So, for now, users, waiting for Duolinguo to take definitive measures, all that remains is to be very careful not to fall into the spider’s web<\/strong>.<\/p>\n\n

The suggestions are always the same:<\/strong> <\/h3>\n\n