API Misuse: Hacker Leaks 2.6M Duolingo Users' Emails & Names

111@zerobytes.monster · edit-2 11 months ago

API Misuse: Hacker Leaks 2.6M Duolingo Users' Emails & Names

breadsmasher@lemmy.world · 11 months ago

Surely allowing access to this personal data via a public API is a data breach? Its just taking it from something that shouldnt have exposed it rather than hacking into a system

towerful@programming.dev · 11 months ago

Yeh.
Same as if it was a CSV mailing list on an unprotected URL or whatever.
The term “data breach” suggests there was security there to be breeched. Maybe it needs a better term?

unscholarly_source@lemmy.ca · edit-2 11 months ago

Data leak? In the security field, they categorize it as “information disclosure”… But it doesn’t have the same level of gravitas to it

db2@sopuli.xyz · 11 months ago

We have investigated this unintended information disclosure and have concluded it’s the fault of the users for having information.

unscholarly_source@lemmy.ca · 11 months ago

Carries the same weight as “Rapid Unscheduled Disassembly”. It’s the fault of those little green men in kerbal space program.

API Misuse: Hacker Leaks 2.6M Duolingo Users' Emails &amp; Names

API Misuse: Hacker Leaks 2.6M Duolingo Users' Emails &amp; Names

API Misuse: Hacker Leaks 2.6M Duolingo Users' Emails & Names

API Misuse: Hacker Leaks 2.6M Duolingo Users' Emails & Names