It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those [...]
The post API Abuse – Lessons from the Duolingo Data Scraping Attack appeared first on Wallarm.
Tim Erlin
Source: Security Boulevard
Source Link: https://securityboulevard.com/2023/08/api-abuse-lessons-from-the-duolingo-data-scraping-attack/