73
API Misuse: Hacker Leaks 2.6M Duolingo Users' Emails & Names
(www.hackread.com)
This is a most excellent place for technology news and articles.
Surely allowing access to this personal data via a public API is a data breach? Its just taking it from something that shouldnt have exposed it rather than hacking into a system
Yeh.
Same as if it was a CSV mailing list on an unprotected URL or whatever.
The term "data breach" suggests there was security there to be breeched. Maybe it needs a better term?
Data leak? In the security field, they categorize it as "information disclosure"... But it doesn't have the same level of gravitas to it
We have investigated this unintended information disclosure and have concluded it's the fault of the users for having information.
Carries the same weight as "Rapid Unscheduled Disassembly". It's the fault of those little green men in kerbal space program.