The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.
26 points
*
However, Duolingo did not address the fact that email addresses were also listed in the data, which is not public information.
From the Article, emphasis by me
11 points
*